Is anyone familiar with how to use SAMLMetadataSignature.GetCertificate off of the ComponentSpace.SAML2.Metadata namespace to read/get a cert contained in the SAML metadata file? The SAMLMetadataSignature.GetCertificate method accepts and xmlelement. I have tried passing in the XML of the metadata. I started at root and gradually went down to lower level xmlelements all the way to the ds:X509Data xmlelement. However, I have not had success. The call to SAMLMetadataSignature.GetCertificate always returns (nothing). Hence, I am not able to get the cert from the metadata. Can someone elaborate on how this method should be used or on how best to get the cert from the SAML metadata xml.


The MetadataExample project demonstrates how to retrieve X.509 certificates from SAML metadata.

The relevant code from the MetadataExample project is shown below.

// Reads the X.509 certificates contained within an IdP or SP SSO descriptor
private static void ReadX509Certificates(RoleDescriptorType roleDescriptor) {
foreach (KeyDescriptor keyDescriptor in roleDescriptor.KeyDescriptors) {
KeyInfo keyInfo = new KeyInfo();

IEnumerator enumerator = keyInfo.GetEnumerator(typeof(KeyInfoX509Data));

while (enumerator.MoveNext()) {
KeyInfoX509Data keyInfoX509Data = (KeyInfoX509Data)enumerator.Current;

foreach (X509Certificate2 x509Certificate in keyInfoX509Data.Certificates) {
Console.WriteLine("X509 certificate: " + x509Certificate.ToString());

foreach (XmlElement xmlElement in keyDescriptor.EncryptionMethods) {
Console.WriteLine("Encryption method: " + KeyDescriptor.GetEncryptionMethodAlgorithm(xmlElement));