Skip to Content.
Sympa Menu

mace-opensaml-users - [OpenSAML] Example for verifying AuthnResponse signature without a KeyInfo

Subject: OpenSAML user discussion

List archive

[OpenSAML] Example for verifying AuthnResponse signature without a KeyInfo

Chronological Thread 
  • From: "" <>
  • To:
  • Subject: [OpenSAML] Example for verifying AuthnResponse signature without a KeyInfo
  • Date: Tue, 05 Jul 2011 07:12:02 -0500


I'm new to SAML, so please forgive any stupid questions. 

I am on the SP side of a SAML AuthnResponse.  It is signed, but 
the Signature doesn't have a KeyInfo element.  However, I do have the metadata file with 
the public signing key.   It seems most of the Signature validation examples assume that 
there is a KeyInfo, so I'm trying to figure out how to use the public key in the metadata file. 
If anyone has an example, please let me know. 

FYI, below is what I'm trying.  It seems to me that it should work but 
I keep getting an invalid signature error.  Can you see anything that 
I'm doing wrong? 

  public void testValidateSignature() throws Exception { 

        DOMMetadataProvider mdProvider = getMetadataProvider(); 
        EntityDescriptor entityDescriptor = (EntityDescriptor) mdProvider.getMetadata(); 

        MetadataCredentialResolver mdResolver = new MetadataCredentialResolver(mdProvider); 

        CriteriaSet criteriaSet = new CriteriaSet(); 
        criteriaSet.add(new EntityIDCriteria(entityDescriptor.getEntityID())); 
        criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, null)); 

        Credential signingCredential = mdResolver.resolve(criteriaSet).iterator().next(); 

        Response authnResponse = getAuthnResponse(); 
        Signature signature = authnResponse.getAssertions().get(0).getSignature(); 

        SignatureValidator sigValidator = new SignatureValidator(signingCredential); 
        sigValidator.validate(signature);  // always returns false 

  • [OpenSAML] Example for verifying AuthnResponse signature without a KeyInfo, , 07/05/2011

Archive powered by MHonArc 2.6.16.

Top of Page