Extra validation for signature

pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>org.openconext</groupId>
     <artifactId>saml-idp</artifactId>
-    <version>0.0.8-SNAPSHOT</version>
+    <version>1.0.0</version>
     <name>saml-idp</name>
 
     <properties>

src/main/java/saml/DefaultSAMLService.java

@@ -174,7 +174,10 @@ private void validateSignature(SignableSAMLObject target, Credential credential,
                 throw new SignatureException("Signature element not found.");
             }
         } else {
+            //The docs state that implementations of SignaturePrevalidator do NOT perform the actual cryptographic validation of the signature against key material.
             this.samlSignatureProfileValidator.validate(signature);
+            //For the actual cryptographic validation.
+            SignatureValidator.validate(signature, credential);
         }
     }