federationmetadata.xml SSO invalid certificates


  • Hi,

    The question is about single sign-on with SAML 2 and an Azure AD application. I got this working, but I have a question regarding the X.509 certificates.

    Right now I'm using the certificate in <Signature>. This works fine most of the time, but sometimes, I guess when the certificate is changed, the certificate is invalid for a while. As I understand it, the certificate should be fetched from the <IDPSSODescriptor>, but it always returns more than one certificate and only one of them is ever valid. That's why I'm using the one in <Signature>, but that isn't always working either.

    Why does it return invalid certificates?

    Can I somehow know if a certificate is valid without trying to login?

    When you decode the certificates everything seems to be fine: they are valid and have not expired, but it isn't working anyway. The single sign-on service URL looks like this: <id>/saml2

    Can I somehow use one "private" certificate that is always valid by doing something in Azure AD?

    Thanks in advance!

    Friday, April 28, 2017 9:01 AM
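One way to approach the "more than one certificate in <IDPSSODescriptor>" situation, as an added example that is not code from this thread or from Azure AD: treat every `KeyDescriptor` with `use="signing"` (or no `use` attribute, which per the SAML metadata spec means both) as a trusted signer, and check the certificate carried in a response's `<ds:Signature>` against that whole set by fingerprint rather than pinning the single certificate seen at setup time. An identity provider publishes the next key alongside the current one during rollover, so a pinned certificate that is still inside its validity window can stop being the one that signs responses. The metadata and response snippets below are constructed, and their base64 blobs are placeholders rather than real X.509 certificates; a real SAML library must still perform the XML signature validation itself, and this check only decides which keys it should accept.

```python
"""Check that the certificate in a SAML Response's <ds:Signature> is one of the
signing certificates the IdP currently publishes in its federation metadata.
Added example, not code from the thread. The XML below is constructed and the
base64 blobs are placeholders, not real DER certificates."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}


def _b64(label: bytes) -> str:
    # Placeholder stand-in for a base64-encoded DER certificate (constructed, not a real cert)
    return base64.b64encode(label).decode()


# Constructed federation metadata: two signing keys published at once, as during rollover,
# plus an encryption-only key that must not be accepted as a signer.
METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(b'constructed-cert-current')}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_b64(b'constructed-cert-next')}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_b64(b'constructed-cert-encryption')}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _response_with(cert_b64: str) -> str:
    # Constructed SAML Response skeleton carrying the given certificate in its Signature
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0">
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{cert_b64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>"""


def _decode_cert(text: str) -> bytes:
    # Strip the line breaks that PEM-style wrapping leaves inside the element text
    return base64.b64decode("".join(text.split()))


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER bytes, the usual way to compare certificates."""
    return hashlib.sha256(der).hexdigest()


def signing_fingerprints(metadata_xml: str) -> set:
    """Fingerprints of every certificate the IdP publishes for signing. A KeyDescriptor
    without a 'use' attribute covers both signing and encryption, so it is included."""
    root = ET.fromstring(metadata_xml)
    fps = set()
    for kd in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            fps.add(fingerprint(_decode_cert(cert.text)))
    return fps


def signature_fingerprint(response_xml: str) -> str:
    """Fingerprint of the certificate the response's Signature says it was signed with."""
    root = ET.fromstring(response_xml)
    cert = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not cert.text:
        raise ValueError("Response signature carries no X509Certificate")
    return fingerprint(_decode_cert(cert.text))


def is_trusted_signer(response_xml: str, metadata_xml: str) -> bool:
    """True when the response's signing certificate is one the IdP currently publishes.
    Refresh metadata_xml from the IdP's federationmetadata.xml on a schedule so that
    the trusted set follows the IdP's key rollover instead of a pinned copy."""
    return signature_fingerprint(response_xml) in signing_fingerprints(metadata_xml)


if __name__ == "__main__":
    trusted = signing_fingerprints(METADATA)
    print(f"{len(trusted)} signing certificate(s) published in metadata")
    for label in (b"constructed-cert-current", b"constructed-cert-next",
                  b"constructed-cert-encryption", b"constructed-cert-retired"):
        ok = is_trusted_signer(_response_with(_b64(label)), METADATA)
        print(f"{label.decode():30} trusted={ok}")
```

The decision the poster is making by hand, "which of the published certificates is the valid one", goes away once the relying party accepts the whole signing set: both the current and the next key pass, while the encryption-only key and a retired key are rejected. The remaining operational requirement is to re-read the metadata periodically, since a copy cached at setup time will eventually lack the key the IdP has rolled to.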

All replies

  • Did you check this
    Thursday, July 13, 2017 6:02 AM