1

I would like to validate the signature of the SAML response. Currently I can get the value of the signature variable from the assertion using OpenSAML. However, how do I get the publicKey and publicCredential?

    try {
        BasicX509Credential publicCredential = new BasicX509Credential();
        publicCredential.setPublicKey(publicKey);
        SignatureValidator signatureValidator = new SignatureValidator(publicCredential);
        signatureValidator.validate(signature);
    } catch (ValidationException e) {
        e.printStackTrace();
        // throw new InvalidAssertionException("Assertion signature validation failed.");
    }

Kai Liu

1 Answer

0

Two ways:

  1. Get public key materials from IdP metadata.
  2. Get public key materials from the SAML Response (if it has any).

But ideally you should get public key materials from IdP metadata that you received during trust establishment between IdP and SP. This is because trust is established between IdP and SP at configuration time and not while receiving SAML Response from IdP during runtime.

Zeigeist
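
An added example (not part of the original answer, and not OpenSAML's own code) of the first option: loading the IdP's signing certificates from a metadata file that was saved locally when trust was established. It uses only JDK classes; the class name `IdpSigningCerts` and the metadata file path passed on the command line are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class IdpSigningCerts { // hypothetical helper class, not an OpenSAML type
    static final String MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    /** Returns the signing certificates declared under IDPSSODescriptor/KeyDescriptor. */
    public static List<X509Certificate> load(File metadata) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the metadata cannot pull in external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(metadata);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        NodeList idps = doc.getElementsByTagNameNS(MD_NS, "IDPSSODescriptor");
        for (int i = 0; i < idps.getLength(); i++) {
            NodeList keys = ((Element) idps.item(i)).getElementsByTagNameNS(MD_NS, "KeyDescriptor");
            for (int k = 0; k < keys.getLength(); k++) {
                Element kd = (Element) keys.item(k);
                // A KeyDescriptor without a "use" attribute applies to signing and encryption.
                String use = kd.getAttribute("use");
                if (!use.isEmpty() && !use.equals("signing")) continue;
                NodeList x509 = kd.getElementsByTagNameNS(DS_NS, "X509Certificate");
                for (int c = 0; c < x509.getLength(); c++) {
                    // The MIME decoder tolerates the line breaks usually present in metadata.
                    byte[] der = Base64.getMimeDecoder().decode(x509.item(c).getTextContent().trim());
                    X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
                    cert.checkValidity(); // throws if the certificate is expired or not yet valid
                    certs.add(cert);
                }
            }
        }
        if (certs.isEmpty()) throw new IllegalStateException("no signing certificate in metadata");
        return certs;
    }
    public static void main(String[] args) throws Exception {
        load(new File(args[0])).forEach(c -> System.out.println(c.getSubjectX500Principal()));
    }
}
```

The `getPublicKey()` of a returned certificate is the value that the question's `publicCredential.setPublicKey(publicKey)` call needs. Metadata may list more than one signing certificate (for example during key rollover), so the signature should be accepted if it validates against any one of them.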