Reputation: 31
Full chain certificate on SAML SP metadata
Sorry for my English since I'm not a native speaker.
I'm doing federation as SP for 3rd party IdP and I need to include the full chain certificate, but it gives me the error MSIS3014, Not valid certificate. The problem is the third party doesn't trust my intermediate certificate and I can't install it on their machine.
I tried to include all certificates into the metadata xml through 3 different nodes X509Certificate but it still gives me the error.
I need an example of full cer chain in SAML metadata for make this work. Tried to find but couldn't. Thanks.
Upvotes: 1
Views: 954
Answers (1)
Reputation: 2744
To the best of my knowledge there is no specification published which defines how a certificate chain has to be represented in the SAML meta data. The SAML meta data interoperability profile only specifies that every certificate has to be placed in a separate <md:KeyDescriptor> element. You may need to engage with your third party's SAML implementation vendor, to find out how they handle things.
Upvotes: 1
Related Questions
- how to get saml-metadata for keycloak as sp with certificate
- How to use a X509 certificate as a public key in SAML response
- Saml2Assertion to XML is empty
- Multiple certificate in SAML metadata xml file
- OpenSAML: Include X509 Certificate in EncyptedAssertion
- How to verify SAML certificates?
- SAML with a SKI instead of certificate in X509Data node
- SAML 2.0 SP metadata: Purpose and the use of certificate
- Self-Signed Certificate with SAML 2.0
- Encrypted and encoded XML representation of X.509 Certificate for SAML metadata