
mace-opensaml-users - RE: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?

Subject: OpenSAML user discussion

  • From: "Gina Choi" <>
  • To: <>
  • Subject: RE: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?
  • Date: Thu, 28 Apr 2011 11:06:50 -0400

Thanks Paul and Scott for your response. I thought that
signatureValidator.validate(signature) handles everything. By the way, do you
have any recommendation on dealing with trust management? For example, what
kind of items do I need to check except expiration date?

Gina

-----Original Message-----
From: [mailto:] On Behalf Of Cantor, Scott E.
Sent: Thursday, April 28, 2011 10:46 AM
To:
Subject: RE: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?

> I extracted signing certificate from Identity Provider and installed it in the
> relying party. I used the following code to validate the signature. Does
> signatureValidator.validate(signature) also validate the expiration date of
> the certificate or I have to write my own code to check if the certificate is
> expired?

The goal of the validator is to verify the signature. Trust management (doing
anything with the certificate) is separate. There is an extensive body of
code for that, and we suggest you abandon any notions of certificate
evaluation in favor of using SAML metadata for key comparison.

-- Scott
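
The key-comparison approach suggested above, as an added example that is not part of the original thread and is not OpenSAML code. It uses only the JDK: a raw RSA signature over bytes stands in for the XML signature, and the class name, method names, issuer URL and sample data are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;

public class MetadataKeyTrust {
    // Trust decision by key comparison: verify only with the key registered for
    // the issuer in trusted metadata. Any key or certificate carried inside the
    // message is never consulted, so its validity dates play no part here.
    static boolean isTrusted(Map<String, PublicKey> metadataKeys, String issuer,
                             byte[] signedBytes, byte[] sigValue)
            throws GeneralSecurityException {
        PublicKey pinned = metadataKeys.get(issuer);
        if (pinned == null) return false;            // issuer not in metadata
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pinned);
        verifier.update(signedBytes);
        try {
            return verifier.verify(sigValue);
        } catch (SignatureException malformed) {
            return false;                            // malformed signature value
        }
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(data);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair idp = gen.generateKeyPair();         // key published in metadata
        KeyPair other = gen.generateKeyPair();       // key the relying party never registered

        String issuer = "https://idp.example.org/idp";            // constructed
        Map<String, PublicKey> metadataKeys = Map.of(issuer, idp.getPublic());
        byte[] token = "<Assertion>constructed sample</Assertion>"
                .getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "<Assertion>constructed sample!</Assertion>"
                .getBytes(StandardCharsets.UTF_8);

        byte[] good = sign(idp.getPrivate(), token);
        byte[] foreign = sign(other.getPrivate(), token);
        System.out.println("metadata key:   " + isTrusted(metadataKeys, issuer, token, good));
        System.out.println("foreign key:    " + isTrusted(metadataKeys, issuer, token, foreign));
        System.out.println("tampered token: " + isTrusted(metadataKeys, issuer, tampered, good));
        System.out.println("unknown issuer: "
                + isTrusted(metadataKeys, "https://unknown.example.org", token, good));
    }
}
```

In this model a key is withdrawn by removing it from the metadata, so keeping that metadata current and authentic becomes the trust-management task.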
