Which cert is used to sign messages for local SP?


Ben G
Hi there,

Our software is a SP, we let customers authenticate to our service using their own IdPs. We are using the high level API and we have a local certificate we are (I believe) signing messages with. However, this certificate is about to expire so we want to switch over to our new certificate. In the local service provider configuration, you can specify more than 1 local certificate. However, it makes sense that it would only use 1 certificate to sign the messages. You would only use multiple certificates if you were trying to decrypt a message (I believe).

Am I correct in assuming that it signs the messages only with the first certificate you specify in the LocalCertificates section, and it ignores the rest?
ComponentSpace
Your understanding is correct. The first certificate is used for signing. Multiple certificates only make sense for decrypting.

Also note that you can specify local certificates on the partner identity provider configurations as well. If this is done, these certificates are used instead of the certificate(s) in the local service provider configuration. This helps with staggering the roll out of your certificate to the various partner identity providers.

More information may be found in our Certificate Guide.

https://www.componentspace.com/Forums/8238/Certificate-Guide


Regards
ComponentSpace Development
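
The precedence described in the reply above can be checked against a configuration before a certificate rotation. The following is an added example, not part of the forum thread and not ComponentSpace code: it reports, per partner identity provider, which local certificate would sign and which could decrypt. The XML layout, element and attribute names, file paths and partner names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element and attribute names are assumptions modelled on the
# "LocalCertificates" section named in the thread, not copied from a real file.
SAMPLE_CONFIG = """
<SAMLConfiguration>
  <ServiceProvider Name="https://sp.example.test">
    <LocalCertificates>
      <Certificate FileName="certs/sp-new.pfx"/>
      <Certificate FileName="certs/sp-old.pfx"/>
    </LocalCertificates>
  </ServiceProvider>
  <PartnerIdentityProviders>
    <PartnerIdentityProvider Name="https://idp-a.example.test"/>
    <PartnerIdentityProvider Name="https://idp-b.example.test">
      <LocalCertificates>
        <Certificate FileName="certs/sp-old.pfx"/>
      </LocalCertificates>
    </PartnerIdentityProvider>
  </PartnerIdentityProviders>
</SAMLConfiguration>
"""

def _local_certs(element):
    """Return the FileName of each certificate listed under element, in order."""
    return [c.get("FileName") for c in element.findall("./LocalCertificates/Certificate")]

def effective_certificates(config_xml):
    """Map each partner IdP to the certificate that signs and those that can decrypt."""
    root = ET.fromstring(config_xml)
    sp_certs = _local_certs(root.find("ServiceProvider"))
    result = {}
    for idp in root.iter("PartnerIdentityProvider"):
        # Partner-level certificates are used instead of the SP-level list.
        certs = _local_certs(idp) or sp_certs
        if not certs:
            raise ValueError(f"no local certificate for {idp.get('Name')}")
        # Only the first entry signs; every entry is a decryption candidate.
        result[idp.get("Name")] = {"signing": certs[0], "decryption": certs}
    return result

if __name__ == "__main__":
    for name, certs in effective_certificates(SAMPLE_CONFIG).items():
        print(name, "signs with", certs["signing"], "| decrypts with", certs["decryption"])
```

In the sample, the partner that still carries its own entry keeps receiving messages signed with the old certificate, which is the staggered rollout the reply describes.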