I found a great library on github that both handles validation of the SAML Token and if you are feeling adventurous is a good tutorial on how to use OpenSAML. The library is called Auth10-Java and it does a great job of breaking down SAML token validation. FYI it also handles WS-Federation protocol.
Public List<Claim> validateAuthenticationResponse(String yourToken){
SamlTokenValidator validator = new SamlTokenValidator();
validator.setThumbprint("thumbprint from the thinktecture idp server or what ever idp you are using");
validator.getAudienceUris().add(new URI(“http://localhost:8080/javafederationtest”);
//validator.setValidateExpiration(false); //This can be used to stop validation of the expiration fields in the token.
List<Claim> claims = validator.validate(yourToken); //A Federation Exception is thrown if the token is invalid
System.out.println(claims.toString()); //This will show the claims asserted by the token!
}
This worked great for me and better yet I am learning heaps about SAML and OpenSAML from this library! Just be sure to include all dependencies in your projects build path!