The local certificate is used to sign SAML messages sent to the partner. The partner certificate is used to verify signatures on SAML messages received from the partner. If acting as the service provider there will almost always be a partner certificate as the SAML response or assertion should always be signed and the signature verified. Signing the SAML authn request sent to the identity provider as part of SP-initiated SSO is optional and if no signing occurs, a local certificate isn't required.
Regards ComponentSpace Development
|