Every SAML object that implements the SignableXMLObject interface can be signed.
The signing of a SAML message is done in three steps. First, all the properties for the signature are put in a Signature object. Properties that can be set include the signing credential, the signature algorithm and, optionally, a KeyInfo object that can be used during verification.
signature.setSigningCredential(credential);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

The Signature object is then added to the SAML object using the setSignature method.
entityDescriptor.setSignature(signature);

The second step is to marshall the object. This must be done before signing, or else you will get a message like this:
SEVERE: Unable to compute signature, Signature XMLObject does not have the XMLSignature created during marshalling.
Element element = Configuration.getMarshallerFactory().getMarshaller(entityDescriptor).marshall(entityDescriptor);

The third step is to perform the actual signing, which produces the cryptographic signature value. This is done with the Signer class.
Signer.signObject(signature);

Here is how the signed object might look after signing and marshalling.
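The three steps above put together as one runnable program against the OpenSAML 2.x API, followed by the verification a relying party would perform; this is an added example, not code from the original post. It assumes a constructed throwaway RSA key pair and a made-up entityID, and uses RSA-SHA256 rather than the RSA-SHA1 shown above.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

public class SignMetadataExample {
    public static void main(String[] args) throws Exception {
        // Initialise OpenSAML 2.x (builders, marshallers, default security configuration).
        DefaultBootstrap.bootstrap();

        // Constructed throwaway key pair; a real deployment loads its signing key from a keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();
        Credential credential = SecurityHelper.getSimpleCredential(keyPair.getPublic(), keyPair.getPrivate());

        // The object to sign. The ID is what the signature's Reference URI points at (made-up values).
        EntityDescriptor entityDescriptor = (EntityDescriptor) Configuration.getBuilderFactory()
                .getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME).buildObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entityDescriptor.setID("_example-metadata-1");
        entityDescriptor.setEntityID("https://idp.example.org/metadata");

        // Step 1: build the Signature object and set its properties, then attach it.
        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // Generates the optional KeyInfo (public key) from the credential so a verifier can locate the key.
        SecurityHelper.prepareSignatureParams(signature, credential, null, null);
        entityDescriptor.setSignature(signature);

        // Step 2: marshall first; this creates the underlying XMLSignature that Signer needs.
        Element element = Configuration.getMarshallerFactory().getMarshaller(entityDescriptor).marshall(entityDescriptor);

        // Step 3: compute the signature value over the canonicalised element.
        Signer.signObject(signature);
        System.out.println(XMLHelper.nodeToString(element));

        // Verifier side: check the SAML signature profile (single enveloped same-document Reference)
        // before checking the cryptographic value against the expected key, never only the latter.
        new SAMLSignatureProfileValidator().validate(signature);
        new SignatureValidator(credential).validate(signature);
    }
}
```

Both validators throw a ValidationException on failure, so a relying party should treat any exception here as an unsigned message.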
Further reading

This is not a book specifically on OpenSAML, but I do recommend it as it does have some chapters on how XML signatures work. This is the same standard as the one used by SAML and OpenSAML.

This is a very good book for those that want to get an intro to cryptography. It helped me a lot in understanding public key cryptography.