Forums, Documentation & Knowledge Base - ComponentSpace

IdP metadata 2 certificates: 1st is to sign the metadata themselves, 2nd to sign the SAML response

By mlam - 5/24/2021

The IdP (PingFederate) metadata will contain 2 certificates: the first is to sign the metadata themselves, the second to sign the SAML response. 

From the SAML.config. I only can see PartnerIdentityProvider. May I know how to configure the above into the SAML.config?

<PartnerIdentityProvider Name="x"
By ComponentSpace - 5/25/2021

The saml.config doesn't include the certificate to verify the metadata signature. The PartnerCertificateFile specifies the certificate to use to verify signatures on SAML messages send by the IdP.