Fatma Maamoury

Reputation: 13

Can't get the IDP certificate for my Azure application

I want to integrate SAML authentication in a third-party tool with an Azure application, and it is required to use an IDP certificate, so I tried to use one of the X509 certificates generated in the Federation metadata document (Application overview > Endpoints > Federation metadata document). But since I found multiple certificates in that document, I am wondering which one of these certificates is the right IDP certificate and it can't be changed?

Upvotes: 0

Views: 1035

Answers (1)

Sridevi

Reputation: 22597

In the Federation metadata document, you can find X509 certificates, which are available in long string format between <X509Certificate> tags.

Copy and paste those values into Notepad and save the file with a .crt extension. If you double-click (open) that .crt file, it will display the validation date of the certificates. Check those expiration dates to confirm whether they are the right IDP certificates or not.

In that Federation metadata document, you are finding multiple certificates because the certificates have different expiry dates. This means that even if one expires, your application does not need to wait until it receives another one to continue processing, as it automatically uses the second one.

For more detailed information, please go through the reference below if it is helpful.

Reference: Convert a X.509 Certificate from Metadata

Upvotes: 1
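The extraction step described in the answer, scripted as an added example (not part of the original answer or of any Microsoft tooling). It assumes the SAML 2.0 metadata layout, where the IdP's keys sit under `IDPSSODescriptor/KeyDescriptor`; the function names and the sample metadata, including its placeholder certificate bytes, are constructed for illustration.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _key_descriptor(use, raw):
    # Constructed sample data: `raw` is placeholder bytes, not a real certificate.
    b64 = base64.b64encode(raw).decode()
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key_descriptor("signing", b"constructed-cert-A")
    + _key_descriptor("signing", b"constructed-cert-B")
    + _key_descriptor("signing", b"constructed-cert-A")  # same key listed twice
    + _key_descriptor("encryption", b"constructed-cert-C")
    + "</md:IDPSSODescriptor></md:EntityDescriptor>"
)

def idp_signing_certs(metadata_xml):
    """Return the distinct IdP signing certificates as DER byte strings."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute = any use
            continue
        for node in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((node.text or "").split()))
            if der not in certs:
                certs.append(der)
    return certs

def to_pem(der):
    """Wrap DER bytes in the PEM header and footer used in a .crt file."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for i, der in enumerate(idp_signing_certs(SAMPLE_METADATA), 1):
        print(i, hashlib.sha256(der).hexdigest())
        print(to_pem(der))
```

With real metadata, each PEM string can be saved to a `.crt` file and checked with `openssl x509 -in <file> -noout -dates`, which prints the same validity window the answer reads from the certificate dialog.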
