断言中的 SAML 签名验证

我有一个从第三方获得的SAML。我必须使用他们的公共证书对其进行验证。我以前做过这个，但这次签名在断言中，所以我的Response.getSignature()返回 null。

我正在使用Java OpenSAML库，所以现在即使我得到断言并从断言中获取签名，如下所示，我的SignatureValidature总是出错。

下面的代码片段：

main()....
{
response = (Response) parseSamlObject(samlString);
assertion = resp.getAssertion().get(0);
signature = assertion.getSignature(); // I get signature here
SignatureValidator signatureValidator = new SignatureValidator(getCredential());
signatureValidator.validate(sign); //ERRORS OUT HERE
....
}
private static Credential getCredential() throws org.opensaml.xml.validation.ValidationException, FileNotFoundException {
PublicKey key=null;
//Get Public Key
BasicX509Credential publicCredential = new BasicX509Credential();
Credential verifiyingCredential = null;
String certFileName = "myPublicCertificate.cer";
InputStream fileStream = MyClass.class.getClassLoader().getResourceAsStream(certFileName);
System.out.println("CertificateStream is Obtained from Resources......" );
java.security.cert.CertificateFactory certificateFactory=null;
java.security.cert.X509Certificate certificate=null;
try {
certificateFactory = java.security.cert.CertificateFactory.getInstance("X.509");
certificate = (java.security.cert.X509Certificate) certificateFactory.generateCertificate(fileStream);
} catch (CertificateException e3) {
e3.printStackTrace();
}
try {
fileStream.close();
} catch (IOException e2) {
e2.printStackTrace();
}
key= certificate.getPublicKey();//got publicKey here
//Validate Public Key against Signature
if (key != null) {
publicCredential.setPublicKey(key);
publicCredential.setEntityCertificate(certificate);
verifiyingCredential = publicCredential;
}
return verifiyingCredential;
}

每次出现以下错误：org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key

这是SAML：https://pastebin.com/D1Rwm5Y5
有什么想法吗？