I've validated the signature using SAMLSignatureProfileValidator
but from my understanding when I validate a signature using this, it only makes sure the response hasn't been tampered with. Ie it checks the structure of the signature to make sure it is well formatted.
How do I validate the SAML Assertion using the publicKey of a certificate I have from the IdP or a credential? Do I have to manually locate the certificate node and compare the value...? I am using OpenSAML3 and there is no SignatureValidator
so I can't pass in the pub key.
The Signature validator in OpenSAML V3 is no longer instantiated but instead a static method on SignatureValidator is used for validation. Use the SignatureValidator.validate method to validate the signature.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.