Opensaml Assertion Signature validation failed for decrypted Assertion

Question

I have decrypted a SAML assertion using Opensaml. Although decryption happens without a error, when I tried to validate the Signature of that Assertion it fails with the error

"org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #eimakmeiiebhiefoopoogamnnbibdpkfloophhdd has no XMLSignatureInput"

(For the same configuration if I didn't use encryption, signature validation happens fine)

Answer 1

Found that this is an issue with the Decrypter. Problem was decrypted Assertion wasn't properly rooted. By calling setRootInNewDocument(true) of the Decrypter before the decryption, you can have properly rooted Assertion. So Signature validation will succeed.