# File lib/omniauth/strategies/saml/xml_security.rb, line 48
          def validate(idp_cert_fingerprint, soft = true)
            # get cert from response
            base64_cert = self.elements["//ds:X509Certificate"].text
            cert_text   = Base64.decode64(base64_cert)
            cert        = OpenSSL::X509::Certificate.new(cert_text)

            # check cert matches registered idp cert
            fingerprint = Digest::SHA1.hexdigest(cert.to_der)

            if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
              return soft ? false : (raise OmniAuth::Strategies::SAML::ValidationError.new("Fingerprint mismatch"))
            end

            validate_doc(base64_cert, soft)
          end