Hi,
I’m creating a service provider. Is it possible to have the IdPs that will be using our system use a SHA-1 fingerprint of the certificate instead of the full certificate? It would be stored in the database. It just makes it a little easier to work with the shorter string.
Thanks
Do you mean you want to store the partner IdP certificates in your database as SHA-1 fingerprints rather than the entire certificate?
The actual certificate is required to perform signature verification. The fingerprint is only good for identifying a certificate that’s stored elsewhere (e.g. file system or Windows certificate store).
Most implementations that store the SAML configuration in a database store the certificates as base-64 encoded strings.
Yes, I meant only using the SHA-1 fingerprint.
Isn't the IdP's certificate included in the SAML Request from the IdP? Couldn't the SHA-1 be generated from that and compared to what's stored in the SP's database?
Thanks for the response!
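Added example (not code from this thread or from any SAML library it discusses) showing both points of the exchange in Go: the reply's recommendation, where the SP stores the full partner certificate base64-encoded and reads it back to verify a signature, and the follow-up's idea, where the message carries the certificate (as a SAML KeyInfo would) and the SP stores only a SHA-1 fingerprint. In the second case the fingerprint has to be compared before the embedded certificate is used, because anyone can embed a certificate they hold the key for. The PartnerRecord struct, the entity ID, the self-signed certificate and the message bytes are constructed for the example; a real SP would sign and verify the XML per XML-DSig rather than a raw byte string.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// PartnerRecord is a hypothetical SP database row for one partner IdP.
// CertBase64 is the column the reply recommends; Fingerprint is only an identifier.
type PartnerRecord struct {
	EntityID    string
	CertBase64  string // full certificate, base64-encoded DER
	Fingerprint string // SHA-1 over the DER bytes, hex
}

// Fingerprint computes the SHA-1 fingerprint of a DER-encoded certificate.
func Fingerprint(der []byte) string {
	sum := sha1.Sum(der)
	return hex.EncodeToString(sum[:])
}

// NewIdPCert makes a throwaway RSA key and self-signed certificate that stands
// in for a partner IdP's signing certificate (constructed test data).
func NewIdPCert(cn string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// Register builds the database row for a partner from its certificate.
func Register(entityID string, der []byte) PartnerRecord {
	return PartnerRecord{EntityID: entityID,
		CertBase64: base64.StdEncoding.EncodeToString(der), Fingerprint: Fingerprint(der)}
}

// Sign is the IdP side: RSA PKCS#1 v1.5 over the SHA-256 digest of the message.
func Sign(key *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// verifyWithDER checks sig over message with the public key inside der.
func verifyWithDER(der, message, sig []byte) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("certificate does not carry an RSA public key")
	}
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// VerifyFromStore: the full certificate comes back out of the database row.
func VerifyFromStore(rec PartnerRecord, message, sig []byte) error {
	der, err := base64.StdEncoding.DecodeString(rec.CertBase64)
	if err != nil {
		return err
	}
	return verifyWithDER(der, message, sig)
}

// VerifyEmbedded: the message carries the certificate and the SP holds only a
// fingerprint. The pin check must come first; without it an impostor's own
// certificate would verify its own signature.
func VerifyEmbedded(storedFingerprint string, embeddedDER, message, sig []byte) error {
	if got := Fingerprint(embeddedDER); got != storedFingerprint {
		return fmt.Errorf("embedded certificate %s does not match pinned fingerprint %s", got, storedFingerprint)
	}
	return verifyWithDER(embeddedDER, message, sig)
}

func main() {
	idpKey, idpDER, _ := NewIdPCert("idp.example.test")
	rec := Register("https://idp.example.test/saml", idpDER)
	msg := []byte(`<samlp:Response ID="_constructed"/>`) // constructed stand-in for signed XML
	sig, _ := Sign(idpKey, msg)
	fmt.Println("from store:", VerifyFromStore(rec, msg, sig))
	fmt.Println("embedded, genuine cert:", VerifyEmbedded(rec.Fingerprint, idpDER, msg, sig))
	badKey, badDER, _ := NewIdPCert("idp.example.test") // impostor with its own self-signed cert
	badSig, _ := Sign(badKey, msg)
	fmt.Println("embedded, impostor cert:", VerifyEmbedded(rec.Fingerprint, badDER, msg, badSig))
}
```

Running it prints nil for the first two checks and a fingerprint-mismatch error for the impostor, even though the impostor's signature is valid for the certificate it embedded. Either approach works; the difference is only where the certificate bytes come from, and a fingerprint by itself never verifies anything.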
Actually I'm a dummy. Forget I asked!
Thanks again!
No worries. Thanks.