Reputation: 31
Sorry for my English since I'm not a native speaker.
I'm doing federation as an SP for a 3rd-party IdP and I need to include the full chain certificate, but it gives me the error MSIS3014, Not valid certificate. The problem is that the third party doesn't trust my intermediate certificate and I can't install it on their machine.
I tried to include all the certificates in the metadata XML through 3 different X509Certificate nodes, but it still gives me the error.
I need an example of a full cert chain in SAML metadata to make this work. I tried to find one but couldn't. Thanks.
Upvotes: 1
Views: 954
Reputation: 2744
To the best of my knowledge, there is no specification published which defines how a certificate chain has to be represented in the SAML metadata. The SAML metadata interoperability profile only specifies that every certificate has to be placed in a separate <md:KeyDescriptor> element. You may need to engage with your third party's SAML implementation vendor to find out how they handle things.
Upvotes: 1
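A check for the layout the answer describes, as an added example that is not part of the original answer or of any SAML product's code: it counts X509Certificate elements in each md:KeyDescriptor and flags any descriptor that does not hold exactly one. The metadata is a constructed sample with placeholder certificate bodies and a made-up entityID, and `audit_key_descriptors` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample SP metadata; certificate bodies are placeholders, not real certs.
# The signing KeyDescriptor mimics the question's attempt: three certs in one node.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-LEAF</ds:X509Certificate>
        <ds:X509Certificate>PLACEHOLDER-INTERMEDIATE</ds:X509Certificate>
        <ds:X509Certificate>PLACEHOLDER-ROOT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-ENC</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def audit_key_descriptors(metadata_xml):
    """Return one finding per md:KeyDescriptor: role, use, cert count, ok flag."""
    root = ET.fromstring(metadata_xml)
    findings = []
    for role in root:  # role descriptors such as SPSSODescriptor / IDPSSODescriptor
        for kd in role.findall("md:KeyDescriptor", NS):
            count = len(kd.findall(".//ds:X509Certificate", NS))
            findings.append({
                "role": role.tag.split("}")[-1],
                "use": kd.get("use", "unspecified"),
                "certificates": count,
                "ok": count == 1,  # one certificate per KeyDescriptor
            })
    return findings


if __name__ == "__main__":
    for f in audit_key_descriptors(SAMPLE):
        status = "ok" if f["ok"] else "expected exactly one certificate"
        print(f"{f['role']} use={f['use']} certs={f['certificates']}: {status}")
```

When the metadata comes from another party rather than your own build, parse it with a hardened parser such as `defusedxml.ElementTree` instead of the standard-library one.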