mace-opensaml-users - Re: [OpenSAML] Using metadata provided from elsewhere to validate signatures - SOLVED

  • From: Michael Kjorling
  • Subject: Re: [OpenSAML] Using metadata provided from elsewhere to validate signatures - SOLVED
  • Date: Fri, 21 Jan 2011 09:34:29 +0000

On Jan 20 2011 10:21 -0500, from (Paul Hethmon):
>> Can someone point me to a complete, working example of verifying
>> the signature on a Response instance using a key obtained from a
>> known metadata HTTP/HTTPS URL?
>
> http://code.google.com/p/websso/

Thank you, Paul. This helped immensely.

For the benefit of anyone searching the archives in the future,
websso/MetaTest/trunk/src/metatest/Main.java (at SVN revision 599) has
code that uses HTTPMetadataProvider to obtain metadata, then validate
a signature on a Response object.

To use HTTPMetadataProvider, I was missing calls to setParserPool()
and initialize() prior to use of the instance.

That just leaves actually verifying the signature (currently, I'm
getting a ValidationException "Signature did not validate against the
credential's key", but that could just as easily be because I am doing
something wrong).

--
Michael Kjörling .. http://michael.kjorling.se
* ..... No bird soars too high if he soars with his own wings ..... *
* ENCRYPTED email preferred -- OpenPGP keys: 0x32D6B8C6, 0xBDE9ADA6 *
* ASCII Ribbon Campaign: Against HTML mail, proprietary attachments *
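
The flow described in the message above (fetch metadata with HTTPMetadataProvider, then validate a Response signature against the keys it publishes), written against the OpenSAML 2.x Java API. This is an added example, not code from the websso project or from the poster; the class name, method name and timeout value are assumptions, and the Response is assumed to be already unmarshalled.

```java
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;

public class MetadataSignatureCheck { // hypothetical class name
    // True only if the signature verifies with a signing key from the issuer's metadata.
    public static boolean isTrusted(Response response, String metadataUrl) throws Exception {
        DefaultBootstrap.bootstrap(); // library init; real code does this once at startup

        BasicParserPool parserPool = new BasicParserPool();
        parserPool.setNamespaceAware(true);
        // Two-argument constructor (deprecated in later 2.x releases); timeout in ms, assumed value
        HTTPMetadataProvider metadata = new HTTPMetadataProvider(metadataUrl, 5000);
        metadata.setParserPool(parserPool); // the two calls the post above found missing
        metadata.initialize();

        Signature signature = response.getSignature();
        if (signature == null || response.getIssuer() == null) {
            return false; // unsigned or issuer-less Response: fail closed
        }
        // Structural checks from the SAML signature profile, before any key is used
        new SAMLSignatureProfileValidator().validate(signature);

        KeyInfoCredentialResolver keyInfo = Configuration.getGlobalSecurityConfiguration()
                .getDefaultKeyInfoCredentialResolver();
        ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
                new MetadataCredentialResolver(metadata), keyInfo);
        // Only signing keys published for this issuer's IdP role are trusted
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIDCriteria(response.getIssuer().getValue()));
        criteria.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
        criteria.add(new UsageCriteria(UsageType.SIGNING));
        return engine.validate(signature, criteria);
    }
}
```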
