
mace-opensaml-users - Handling Assertions where Signed element isn't nested (1.1b)

Subject: OpenSAML user discussion

  • From: Glen Smith <>
  • To:
  • Subject: Handling Assertions where Signed element isn't nested (1.1b)
  • Date: Tue, 02 May 2006 05:35:11 +1000

Hi Guys,

I have an incoming soap header with a signed identity assertion and was wondering if I can leverage OpenSAML 1.1b to validate the signing for me. For example, I've got something like...

<wsse:Security>
....
<saml:Assertion>…</saml:Assertion>
<ds:Signature>…</ds:Signature>
</wsse:Security>

Now I've successfully created a SAMLAssertion object by passing in the relevant DOM element and it checks out just fine. Then I was hoping to call SAMLAssertion.sign() - but that fails complaining the object isn't signed since the signing element doesn't appear inside the assertion itself.

I could do the XMLSig by hand using the underlying Apache lib.... but I'd only be duplicating the logic already inside that sign() method on SAMLSignedObject - which makes me think I've got the wrong idea about how I should be going about this.

Any ideas? BTW... really great library. I've used it at another client's site and it's saved us a ton of time.

Thanks,

Glen.


