Xar

Reputation: 31

Full chain certificate on SAML SP metadata

Sorry for my English since I'm not a native speaker.

I'm doing federation as an SP for a 3rd-party IdP and I need to include the full chain certificate, but it gives me the error MSIS3014, Not valid certificate. The problem is that the third party doesn't trust my intermediate certificate and I can't install it on their machine.

I tried to include all the certificates in the metadata XML through 3 different X509Certificate nodes, but it still gives me the error.

I need an example of a full cer chain in SAML metadata to make this work. I tried to find one but couldn't. Thanks.

Upvotes: 1

Views: 954

Answers (1)

Bernhard Thalmayr

Reputation: 2744

To the best of my knowledge, there is no published specification which defines how a certificate chain has to be represented in the SAML metadata. The SAML metadata interoperability profile only specifies that every certificate has to be placed in a separate <md:KeyDescriptor> element. You may need to engage with your third party's SAML implementation vendor to find out how they handle things.

Upvotes: 1
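
This added example, which is not part of the original question or answer, rewrites metadata in which one `<md:KeyDescriptor>` holds several `<ds:X509Certificate>` nodes into one descriptor per certificate, the layout the answer describes. The entity ID and certificate bodies are constructed placeholders, and the function names are this example's own.

```python
import copy
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
KD, KI = f"{{{MD}}}KeyDescriptor", f"{{{DS}}}KeyInfo"
XD, XC = f"{{{DS}}}X509Data", f"{{{DS}}}X509Certificate"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample: one KeyDescriptor carrying three certificates, as in the
# question. Entity ID and base64 bodies are placeholders, not real certificates.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://sp.example.test/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>TEVBRg==</ds:X509Certificate>
      <ds:X509Certificate>SU5U</ds:X509Certificate>
      <ds:X509Certificate>Uk9PVA==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def cert_layout(metadata_xml):
    # Certificate bodies found in each KeyDescriptor, in document order.
    root = ET.fromstring(metadata_xml)
    return [[c.text.strip() for c in kd.iter(XC)] for kd in root.iter(KD)]

def split_key_descriptors(metadata_xml):
    """Rewrite so every KeyDescriptor carries one certificate; return (xml, n_split)."""
    root = ET.fromstring(metadata_xml)
    n_split = 0
    for parent in list(root.iter()):
        for kd in parent.findall(KD):
            total = sum(len(xd.findall(XC)) for xd in kd.iter(XD))
            if total <= 1:
                continue
            n_split += 1
            pos = list(parent).index(kd)
            parent.remove(kd)
            for keep in range(total):
                clone = copy.deepcopy(kd)  # preserves use="..." and other children
                pairs = [(xd, c) for xd in clone.iter(XD) for c in xd.findall(XC)]
                for i, (xd, c) in enumerate(pairs):
                    if i != keep:
                        xd.remove(c)
                for ki in list(clone.iter(KI)):  # drop any X509Data left empty
                    for xd in [x for x in ki.findall(XD) if len(x) == 0]:
                        ki.remove(xd)
                parent.insert(pos + keep, clone)
    return ET.tostring(root, encoding="unicode"), n_split
```

Listing certificates this way presents each one as a separate key for the entity; it does not tell the consumer that they form a chain, so whether a given IdP accepts it remains implementation-specific, as the answer says.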
