IdentityProvider and ServiceProvider certificates

SAML for ASP.NET
1

I implemented a ServiceProvider to be called from an external IdentityProvider.
The owner of the IdentityProvider asked me the public key of my certificate and the url of my metadata file.
I have a certificate.crt with the public key and i created a certificate.pfx with a private key protected with password. I generated the metadata file from certificate.pfx and the metadata.xml appears correct:
<md:KeyDescriptor use=“signing”>
<KeyInfo xmlns=“http://www.w3.org/2000/09/xmldsig#”>

certificate public key


</md:KeyDescriptor>

I configured my saml.config as follow:
<ServiceProvider Name=“xxxxxxxxx”
Description=“yyyyyyy”
AssertionConsumerServiceUrl=“~/SSO/AssertionConsumerService”
LocalCertificateFile=“Certificates\certificate.pfx”
LocalCertificatePassword=“zzzzzzz” />

<PartnerIdentityProvider Name=“tttttttt”
Description=“MVC Example Identity Provider”
SignAuthnRequest=“true”
PartnerCertificateFile=“Certificates\certificate.crt”/>

Is this correct?

Thank you

2

Hi Fabio
Yes, except the PartnerCertificateFile comes from the partner identity provider.
It’s used to verify signatures on SAML responses or assertions signed by them.
They should supply their certificate either as a file or as part of their XML metadata.
You’re welcome to email us your saml.config with the password removed, your metadata and any configuration information (eg metadata) from the IdP and we can double check it.

3
[quote]
ComponentSpace - 9/3/2018
Hi Fabio
Yes, except the PartnerCertificateFile comes from the partner identity provider.
It's used to verify signatures on SAML responses or assertions signed by them.
They should supply their certificate either as a file or as part of their XML metadata.
You're welcome to email us your saml.config with the password removed, your metadata and any configuration information (eg metadata) from the IdP and we can double check it.
[/quote]

I sent an email to support. The subject is PostID 9197

Regards,
Fabio
4

Received. Thanks.