
mace-opensaml-users - Question validation certificate chain

Subject: OpenSAML user discussion

  • Subject: Question validation certificate chain
  • Date: Mon, 31 Oct 2005 11:05:54 +0100


Hello everybody,

I'm quite new to the use of OpenSAML, so please be patient. :-)

My problem is the following: I have to implement an application that receives a SAML message with 3 certificates, one of them being the root certificate. I've searched on the internet how to verify certificate chains, but I do not think what I've found is what I'm looking for, and the reason is: they use a CertPathValidator class and verify the certificates they have in the keystore (as shown in Example 1 Step 3 on http://www.javaworld.com/javaworld/jw-12-2001/jw-1221-jdk4security_p.html). However, in my case, I have to verify the certificates included in the SAML message against the certificates I have in the keystore.

I do not know if the following line is enough to do what I want:
//samlResp is a SAMLResponse, and mCertificate the root certificate retrieved from the keystore.
samlResp.verify(mCertificate);

Maybe I have to do it 3 times, one for each certificate in the chain. I really do not know.
Can anyone help me with this please? Does anyone have an excerpt of code with such validation of a chain?
Thanks in advance.
Regards,
Miro Casanova
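
One way to validate certificates carried in a message against the CA certificates held in a local keystore, using only the JDK CertPath API (an added example, not part of the original post and not OpenSAML code). The class name, method name and the signer-first ordering of messageCerts are assumptions made for this sketch; extracting the certificates from the SAML message is not shown.

```java
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper class for illustration.
public class MessageChainValidator {

    /**
     * Validates a chain received in a message against the trusted certificate
     * entries of a local keystore.
     *
     * @param messageCerts certificates from the message, signer first (assumed order)
     * @param trustStore   keystore whose trusted certificate entries are the trust anchors
     * @throws Exception   CertPathValidatorException if the chain does not validate
     */
    public static PKIXCertPathValidatorResult validate(List<X509Certificate> messageCerts,
                                                       KeyStore trustStore) throws Exception {
        // A root sent inside the message proves nothing: trust must come from the
        // local keystore. Drop self-issued certificates so the path ends at the
        // last intermediate and has to chain to a locally stored anchor.
        List<X509Certificate> path = new ArrayList<>();
        for (X509Certificate cert : messageCerts) {
            if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                path.add(cert);
            }
        }
        // Reject an empty path explicitly rather than hand it to the validator,
        // so a message containing only a self-issued certificate is never accepted.
        if (path.isEmpty()) {
            throw new IllegalArgumentException("no signer certificate to validate");
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);

        // Trust anchors are taken from the keystore's trusted certificate entries.
        PKIXParameters params = new PKIXParameters(trustStore);
        // Assumption for this sketch: no CRL or OCSP source is configured.
        params.setRevocationEnabled(false);

        // Checks each signature, validity period and basic constraints along the path.
        return (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(certPath, params);
    }
}
```

The returned result's getPublicKey() is the public key of the validated signer certificate, which is the key the message signature should be checked against once the path has validated.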



