Dalip Choudhary

Reputation: 556

Which certificate should be installed on the relying party?

Suppose I have a private key certificate on the IdP side. The IdP signs the SAML response and sends it to the RP. The RP will do digital verification of the SAML response with the public key certificate of the IdP. Do I need to install the IdP's public key certificate and the root certificate on the RP's machine for chain trust, or do I just need to install the root certificate?

Upvotes: 2

Views: 283

Answers (1)

Anders Revsgaard

Reputation: 4334

Yes, in short, the root certificate public key has to be installed on the RP machine to gain a valid chain trust.

If the IdP trust is configured using the IdP metadata, the IdP signing certificate is automatically downloaded to the RP. Therefore, only the root certificate public key has to be installed on the RP machine to gain a valid chain trust.

Otherwise, if the RP does not use the IdP metadata, the IdP public key has to be accessible to the RP (installed or as a file) and the root certificate public key has to be installed on the RP machine.

Upvotes: 2
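
The chain check discussed in the answer above, as an added example that is not part of the original post: it uses the `openssl` CLI to build a constructed root CA and IdP signing certificate, then validates the signing certificate the way an RP would, once with the issuing root as trust anchor and once with only an unrelated root. All subjects, file names and function names are assumptions made for the demo.

```sh
#!/bin/sh
# Constructed demo: every name, subject and file below is made up for illustration.
WORK=$(mktemp -d)

# Create a self-signed root CA certificate (stands in for a root installed on the RP).
make_root() {  # $1 = file prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue an IdP signing certificate from one of the roots.
issue_idp_cert() {  # $1 = issuing root prefix, $2 = leaf prefix
  openssl req -newkey rsa:2048 -nodes -subj "/CN=idp.example.test signing" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# RP-side check: does the IdP signing certificate (taken from metadata or
# from a file) chain to the root used as the trust anchor?
chain_is_trusted() {  # $1 = trusted root prefix, $2 = leaf prefix
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_root root "Example IdP Root CA"
make_root other "Unrelated Root CA"
issue_idp_cert root idp

if chain_is_trusted root idp; then
  echo "issuing root installed: chain trusted"
fi
if chain_is_trusted other idp; then
  echo "unexpected: chain trusted without the issuing root"
else
  echo "only an unrelated root installed: chain rejected"
fi
```
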
