mace-opensaml-users - [OpenSAML] Example for verifying AuthnResponse signature without a KeyInfo

Subject: OpenSAML user discussion

  • Subject: [OpenSAML] Example for verifying AuthnResponse signature without a KeyInfo
  • Date: Tue, 05 Jul 2011 07:12:02 -0500

Hi, 

I'm new to SAML, so please forgive any stupid questions. 

I am on the SP side of a SAML AuthnResponse. It is signed, but the Signature doesn't have a KeyInfo element.
However, I do have the metadata file with the public signing key. It seems most of the Signature validation
examples assume that there is a KeyInfo, so I'm trying to figure out how to use the public key in the
metadata file. If anyone has an example, please let me know.

FYI, below is what I'm trying.  It seems to me that it should work but 
I keep getting an invalid signature error.  Can you see anything that 
I'm doing wrong? 

import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.DOMMetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;

    public void testValidateSignature() throws Exception {
        DefaultBootstrap.bootstrap();

        // IdP metadata (helper defined elsewhere in the test)
        DOMMetadataProvider mdProvider = getMetadataProvider();
        EntityDescriptor entityDescriptor = (EntityDescriptor) mdProvider.getMetadata();

        MetadataCredentialResolver mdResolver = new MetadataCredentialResolver(mdProvider);

        // select the IdP's key(s) from the metadata by entityID and role
        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.add(new EntityIDCriteria(entityDescriptor.getEntityID()));
        criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, null));

        // take the first credential resolved from the metadata
        Credential signingCredential = mdResolver.resolve(criteriaSet).iterator().next();

        // the signed response (helper defined elsewhere in the test)
        Response authnResponse = getAuthnResponse();
        Signature signature = authnResponse.getAssertions().get(0).getSignature();

        SignatureValidator sigValidator = new SignatureValidator(signingCredential);
        sigValidator.validate(signature);  // validate() is void; throws ValidationException ("invalid signature")
    }
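An added example (not from the poster or the OpenSAML project) of the metadata-based check the post describes, written against the OpenSAML 2.x API the snippet uses: it restricts the lookup to signing-usage keys, validates the SAML signature profile before any cryptography, and delegates to a trust engine, which tries every trusted metadata key when the Signature carries no KeyInfo. The class names assume OpenSAML 2.x (the DefaultBootstrap-era API); `MetadataProvider` and the entityID are supplied by the caller.

```java
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;

/** Added example, assumes OpenSAML 2.x; DefaultBootstrap.bootstrap() must already have run. */
public final class MetadataSignatureCheck {
    private final SignatureTrustEngine trustEngine;

    public MetadataSignatureCheck(MetadataProvider idpMetadata) {
        // Resolves every signing KeyDescriptor of the IdP, so key rollover still verifies.
        MetadataCredentialResolver mdResolver = new MetadataCredentialResolver(idpMetadata);
        KeyInfoCredentialResolver kiResolver =
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
        this.trustEngine = new ExplicitKeySignatureTrustEngine(mdResolver, kiResolver);
    }

    /** True only if the signature is well-formed and verifies with a key published in metadata. */
    public boolean isTrusted(Signature signature, String idpEntityId) throws SecurityException {
        if (signature == null) {
            return false; // unsigned element: never report it as verified
        }
        try {
            // Rejects signatures that break the SAML profile, e.g. a Reference that does
            // not point at the signed element's own ID (a common wrapping trick).
            new SAMLSignatureProfileValidator().validate(signature);
        } catch (ValidationException e) {
            return false;
        }
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIDCriteria(idpEntityId));
        criteria.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, null));
        criteria.add(new UsageCriteria(UsageType.SIGNING)); // skip encryption-only keys
        // With no KeyInfo in the Signature the engine falls back to the resolver's trusted
        // credentials, so the key must come from metadata, not from the message itself.
        return trustEngine.validate(signature, criteria);
    }
}
```

Call `isTrusted` separately for the Response signature and for each Assertion's signature, and apply the same entityID you expect as Issuer.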
