SSL Certificates


New to this so apologies in advance for what is probably a silly question.

I have downloaded the 30 day trial ahead of purchase and from following the web forms examples have everything working on my test website which is great.

My question relates to the certificate files sp.pfx, idp.cer and sp.cer that were included in the example.

Is it the case that I as a service provider will need to send my certificate and private key to the identity provider and the identity provider will need to send me their certificate and private key?

Thanks in advance

You will need to exchange public keys/certificates (typically as .CER files). You should never give your private key to anyone (e.g. .PFX file).
As the service provider, your private key is used to sign the authn request you send to the identity provider. The identity provider uses your public key to verify the signature.
The identity provider signs the SAML response or assertion using their private key. The service provider uses the identity provider’s public key to verify the signature.
So, you should supply the identity provider with your public key (e.g. the test SP.cer file or your own certificate). The identity provider will supply you with their public key (e.g. equivalent to the test IdP.cer file).
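
The key handling described in the answer above, as an added example that is not part of the original thread or of the product's own tooling. It uses the OpenSSL command line with throwaway keys and, for brevity, signs the raw request bytes instead of producing a real SAML XML signature; the file names, subject name and password are constructed.

```shell
#!/bin/sh
# Added example with constructed, throwaway key material (not the product's test files).
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
PASS='constructed-demo-password'   # placeholder PFX password

# SP side: key pair, self-signed certificate, and a PFX bundling both (stays private).
make_sp_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=sp.example.test" \
    -keyout "$WORK/sp.key" -out "$WORK/sp.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$WORK/sp.key" -in "$WORK/sp.pem" \
    -out "$WORK/sp.pfx" -passout "pass:$PASS"
}

# SP side: pull only the certificate out of the PFX (-nokeys) and write it as DER .cer.
export_public_cer() {
  openssl pkcs12 -in "$WORK/sp.pfx" -passin "pass:$PASS" -nokeys -clcerts 2>/dev/null |
    openssl x509 -outform DER -out "$WORK/sp.cer"
}

# Pre-send check: true only if the file parses as a DER X.509 certificate.
is_certificate_only() {
  openssl x509 -inform DER -in "$1" -noout 2>/dev/null
}

# SP side: sign the request bytes with the private key.
sign_request() {   # $1 = request file, $2 = signature output file
  openssl dgst -sha256 -sign "$WORK/sp.key" -out "$2" "$1"
}

# IdP side: verify using nothing but the SP's .cer file.
verify_with_cer() {   # $1 = request file, $2 = signature file, $3 = .cer file
  openssl x509 -inform DER -in "$3" -pubkey -noout > "$WORK/sp.pub"
  openssl dgst -sha256 -verify "$WORK/sp.pub" -signature "$2" "$1" >/dev/null 2>&1
}

make_sp_identity
export_public_cer
printf '<AuthnRequest ID="_constructed1"/>' > "$WORK/req.xml"   # constructed sample
sign_request "$WORK/req.xml" "$WORK/req.sig"
is_certificate_only "$WORK/sp.cer" && echo "sp.cer: certificate only, fine to send"
verify_with_cer "$WORK/req.xml" "$WORK/req.sig" "$WORK/sp.cer" && echo "signature verified"
```

The identity provider's side is the mirror image: they keep their own private key and send only their certificate, which the service provider uses in the verification step.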

Thanks for the reply, most helpful.