I'm working on a project where I need to validate an embedded signature in an XML file (SAML assertion) against a public key located on a remove server.
Has anyone done this in PHP?
I'm working on a project where I need to validate an embedded signature in an XML file (SAML assertion) against a public key located on a remove server.
Has anyone done this in PHP?
I think the answer you are looking for lies within the documentation of PHP in the user comments:
openssl_verify() - User Comment
That should help you out. And just remember, as long as you can fetch the cert file, you can use cURL() to fetch that instead of fread, if it is needed (or at least in theory you should be able to).