Certificate Validation

My project is IdP-initiated SSO with signature and encryption. I was reading all the guides you provided me, but I didn’t find out how the certificate validation process works. When does the certificate validation occur, and with what method/class?

Also, I was trying to create IdP Metadata (with CreateMetadata.exe) and I don’t know what I have to write in the “X.509 signature certificate file” field. I know it is the path of the file (the certificate in the screenshot is “www.liventus.com”), but how can I know what my path is? I am attaching a screenshot.

Thanks in advance,
Jorge


We don’t validate certificates. In many cases, self-signed certificates are used, so validating the certificate chain etc. isn’t applicable.
If you wish to validate certificates you should do this within your application.
We recommend not doing this in-band as part of the SAML SSO processing as this could slow performance if, for example, off-server CRL checks are performed as part of the validation. Instead, if required, we recommend validating certificates out-of-band (e.g. on a nightly basis).

CreateMetadata expects the certificate to be in the file system. It doesn’t support accessing the Windows certificate store. You should use the Certificates MMC snap-in, as shown, to export the certificate as a base-64 encoded .CER file. Use this file when prompted by CreateMetadata. Our SAML Metadata Guide includes information on using CreateMetadata.
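
One way to run the out-of-band validation recommended in the reply above, as an added example that is not the vendor's code or part of the original thread: a console program for a scheduled task that chain-validates each exported base-64 .CER file with online revocation checking, and checks only the validity period for self-signed certificates. The class name, the folder argument and the 30-day expiry warning are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example: nightly, out-of-band check of partner SAML certificates.
static class PartnerCertificateCheck
{
    // Returns the problems found for one certificate; an empty list means it passed.
    static List<string> Validate(X509Certificate2 cert, DateTime now)
    {
        var problems = new List<string>();
        // Self-signed certificates have no CA chain or CRL, so only the validity period is checked.
        bool selfSigned = cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData);
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.VerificationTime = now;
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(30);
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.RevocationMode =
                selfSigned ? X509RevocationMode.NoCheck : X509RevocationMode.Online;
            if (selfSigned)
                chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(cert))
                problems.AddRange(chain.ChainStatus.Select(s => s.Status + ": " + s.StatusInformation.Trim()));
        }
        // Assumption: warn 30 days ahead so the partner has time to supply a new certificate.
        if (cert.NotAfter > now && cert.NotAfter < now.AddDays(30))
            problems.Add("Expires soon: " + cert.NotAfter.ToString("u"));
        return problems;
    }

    static int Main(string[] args)
    {
        // Assumption: args[0] is a folder holding one exported .CER file per partner.
        if (args.Length != 1) { Console.Error.WriteLine("usage: PartnerCertificateCheck <folder>"); return 2; }
        int failed = 0;
        foreach (string path in Directory.GetFiles(args[0], "*.cer"))
        {
            using (var cert = new X509Certificate2(path))
            {
                List<string> problems = Validate(cert, DateTime.Now);
                if (problems.Count > 0) failed++;
                Console.WriteLine("{0} [{1}] {2}", problems.Count == 0 ? "OK  " : "FAIL", cert.Subject, path);
                foreach (string p in problems) Console.WriteLine("     " + p);
            }
        }
        return failed == 0 ? 0 : 1; // a non-zero exit code lets the scheduler raise an alert
    }
}
```

Because the check runs outside SAML SSO processing, the 30-second CRL retrieval timeout never delays a login.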