OpenSAML user discussion

["Scott Cantor" <>]

> I there a convenient way to use OpenSAML to verify the SAML token.
> SAMLAssertion.validate() seems only to check XML characteristics.
> Do you know a tutroial?

There is no documentation for OpenSAML 1 and the small bit of 2.0 docs are
out of date at the moment in this area. There is no method I can recall by
that name with that class name, so I don't know what version you're using
here.

1.x includes verify methods on the SAMLSignedObject class for examining
signatures. Trust is out of scope.

2.0 includes a more comprehensive API but it's still getting finished, in
Java anyway.

Validators in 2.0 can do anything, XML rules are merely one option. I
believe the raw signature checks are still handled with a validator object,
apart from the higher level trust engine APIs.

-- Scott