
mace-opensaml-users - RE: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?

Subject: OpenSAML user discussion

  • From: "Cantor, Scott E." <>
  • To: "" <>
  • Subject: RE: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?
  • Date: Thu, 28 Apr 2011 14:46:16 +0000
  • Accept-language: en-US

> I extracted signing certificate from Identity Provider and installed it in
> the relying party. I used the following code to validate the signature. Does
> signatureValidator.validate(signature) also validate the expiration date of
> the certificate or do I have to write my own code to check if the certificate
> is expired?

The goal of the validator is to verify the signature. Trust management (doing
anything with the certificate) is separate. There is an extensive body of
code for that, and we suggest you abandon any notions of certificate
evaluation in favor of using SAML metadata for key comparison.

-- Scott
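
An added example, not part of the original message and not the OpenSAML project's own code: one way to do the metadata-based key comparison the reply recommends, assuming the OpenSAML 2.x Java API with the library already bootstrapped. The class name `MetadataSignatureCheck`, the method `isTrusted` and its parameters are hypothetical, and `metadataProvider` is assumed to be already loaded with the Identity Provider's metadata.

```java
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;

// Hypothetical helper; class, method and parameter names are assumptions of this example.
public final class MetadataSignatureCheck {

    // True only if the signature fits the SAML profile, verifies, and was made with
    // a signing key that the metadata publishes for idpEntityId.
    public static boolean isTrusted(Signature signature, String idpEntityId,
                                    MetadataProvider metadataProvider) {
        if (signature == null) {
            return false; // unsigned content is never trusted
        }
        try {
            // Reject signatures that do not conform to the SAML signature profile.
            new SAMLSignatureProfileValidator().validate(signature);

            // Trusted keys come from the IdP's KeyDescriptor elements in metadata.
            MetadataCredentialResolver metadataKeys =
                    new MetadataCredentialResolver(metadataProvider);
            KeyInfoCredentialResolver keyInfoResolver = Configuration
                    .getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
            ExplicitKeySignatureTrustEngine engine =
                    new ExplicitKeySignatureTrustEngine(metadataKeys, keyInfoResolver);

            CriteriaSet criteria = new CriteriaSet();
            criteria.add(new EntityIDCriteria(idpEntityId));
            criteria.add(new MetadataCriteria(
                    IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
            criteria.add(new UsageCriteria(UsageType.SIGNING));

            // Verifies the signature and compares the key against the metadata keys;
            // no certificate path or expiry evaluation takes place here.
            return engine.validate(signature, criteria);
        } catch (ValidationException e) {
            return false; // malformed or non-conforming signature
        } catch (SecurityException e) {
            return false; // metadata lookup or crypto processing failed
        }
    }
}
```

With this approach, retiring a key means removing it from the metadata rather than waiting for a certificate to expire, so keeping the metadata current and obtained from a trusted source is what carries the trust decision.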



