Self Signed Certificate with SAML 2.0

Can I sign a SAML 2.0 message with a self-signed certificate? I am responsible for introducing a new single sign-on procedure with a vendor using SAML 2.0, and we are trying to determine if we can sign a SAML message with a self-signed certificate or if we need to buy it.

If we can use a self-signed certificate, should the service provider take any additional steps to verify the signature? We create SAML 2.0 as an identity provider.

Thanks in advance.

+6
2 answers

Yes. I assume that you mean signing an assertion that is returned via the POST binding (see SAML 2.0 Profiles, section 4.1.4.5). The SAML 2.0 specification requires it to be signed for SSO, but whether the certificate is CA-signed or self-signed is not part of the specification.

Check with your software (both the IdP side and the SP side) to find out what is supported - some of them have limitations in this regard.

+4
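As an added example that is not part of either answer: the SP-side check that makes a self-signed IdP certificate safe to accept. It assumes an RSA-SHA256 signature and an SP that pins the IdP certificate out of band from the IdP metadata (Go standard library only; XML canonicalisation is left out and a byte string stands in for the signed SignedInfo).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
)
// NewSelfSigned makes a self-signed signing certificate (constructed test material for the IdP).
func NewSelfSigned() (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// Fingerprint is what the SP pins, out of band, from the IdP metadata <ds:X509Certificate>.
func Fingerprint(certDER []byte) [32]byte { return sha256.Sum256(certDER) }

// Sign stands in for xmldsig rsa-sha256 over the canonicalised SignedInfo bytes.
func Sign(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
}

// Verify is the SP-side check: a self-signed certificate has no chain to validate, so the
// certificate carried in KeyInfo is trusted only if it is the pinned one; any other self-signed
// certificate is rejected even though it would "validly" verify its own signature.
func Verify(pinned [32]byte, certDER, msg, sig []byte) error {
	if Fingerprint(certDER) != pinned {
		return fmt.Errorf("KeyInfo certificate does not match the pinned IdP certificate")
	}
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.SHA256WithRSA, msg, sig)
}

func main() {
	key, der, _ := NewSelfSigned()
	msg := []byte("<samlp:Response ...>") // constructed stand-in for the signed bytes
	sig, _ := Sign(key, msg)
	fmt.Println("pinned IdP certificate verifies:", Verify(Fingerprint(der), der, msg, sig) == nil)
}
```

In a real deployment the fingerprint (or the whole certificate) comes from the IdP metadata exchanged during onboarding, and the SP library must be configured not to fall back to whatever certificate the message itself carries.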

The SAML specification actually recommends the use of long-term, self-signed certificates. See this document for more information.

0

Source: https://habr.com/ru/post/914569/