in reply to Perl and SAML
The part of SAML which you need to verify the x.509 signature is XMLSec. This example (in C) illustrates how to use the C library to do this. Unfortunately, there aren't any perl bindings (yet) for this library (though the author is open to the idea).
Parsing the values out of the XML document is, as you say, the easy part ...
The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. — Cyrus H. Gordon