I've validated the signature using SAMLSignatureProfileValidator but from my understanding when I validate a signature using this, it only makes sure the response hasn't been tampered with. I.e. it checks the structure of the signature to make sure it is well formatted.
How do I validate the SAML Assertion using the publicKey of a certificate I have from the IdP or a credential? Do I have to manually locate the certificate node and compare the value...? I am using OpenSAML3 and there is no SignatureValidator so I can't pass in the pub key.
