Validate signed assertion embedded in SAMLResponse

I work with OpenSaml library, I want to validate signed assertion (XML Signature) embedded in SAMLResponse that is not signed. Always the validation fail, there are a way to validate the signed assertion without his parent (Response) ? Or, another another way to do it ?

Solution

The problem here that when I sign the assertion, the id of the signature is referenced to the Response and not to the assertion. So, I fix this by referencing the id of the signature to the assertion and not to the response. see here (page 71, section 5.4.2)

Simple way to put AWS Lambda app behind SAML authentication
Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
How to solve the xmlsec Error: (100, 'lxml & xmlsec libxml2 library version mismatch')
Mendix and Azure Ad B2C AuthRequest does not have assertion consumer service URL
Authenticate requests session with login.microsoftonline.com
Python SSO: pysaml2 and python3-saml
How to create public and private key with OpenSSL?
How to change NameID in SimpleSAMLphp
Add SHA1 to signxml python
What causes a Responder status in a SAML response
How to validate a SAML token from ADFS 3.0 in an ASP.NET Core Web API
Moodle intergration with ADFS--Plugin SAML2 Single sign on
Python Django ModelViewSet implementation with SAML ACS
openconnect with gp does not prompt for SAML authentication in command line
Integrate SAML in Laravel using existing Idp and SP
Keycloak as a Service Provider - setting up a signing certificate
Keycloak: Unique SAML endpoint per SAML Client in the same Realm
Implement single signon (SSO) using SAML in java and AzureAD as IDP
SSO/SAML trace on Android/iOS
Firebase , Active Directory - Will AD users get created in Firebase as well?
Security concerns with providing SAML metadata on public URL
SOAP Header Invalid Signature on Timestamp
Error authenticating to SonarQube using SAML Okta
Why signature need in SAML request for ADFS?
what is the Best practice for token expiration - Use received token expiry or create and configure JWT expiry?
SAML, setting ACS Url to localhost for desktop app
Detect if user is identified and get the data
Why Statements has only getter and can't be set through the only constructor in Saml2Assertion?
Is there a way use SAML IDP with Sonatype nexus repository manager?
Providing a generic PartnerEntity for SAML federation of SAML in Azure B2C