Hi everyone,
in another post in this forum, I read that one could, e.g., use the same SSL certificate (X.509) for the SAML signing/encryption as is used on a webserver that is offering HTTPS. For HTTPS it is essential that the CN equals the hostname that the user is entering in his/her browser; otherwise it will complain about a non-matching CN. This is for HTTPS traffic.
Now let's assume I am writing a service that is going to use the SAML component utilizing an X.509 certificate. I want this service to be valid for any customer... what CN would I choose for this certificate? Does the CN have to match the hostname that the SAML services are running on? Would it be OK to choose something general like saml.mycompany.com as CN for the certificate and use it for any type of SAML action?