Private key for iDP?

  • Mike McDermott
    # 2 weeks, 5 days ago

    Hi,

    I am evaluating miniorange for potential use as an iDP for our platform and I noted that when configuring miniorange as an iDP a certificate is provided but no private key. Without a private key for the certificate I cannot verify that the digital signature you are sending in the SAML response is valid.

    Where do I go to get the private key? I imagine it has to be somewhere as you couldn’t generate the certificate without it.

    Thanks

    Kalpesh
    Keymaster
    # 2 weeks, 5 days ago

    Hi Mike,

    The private key is never required to verify the signature of SAML response and it is meant to stay with IdP only so that no one else other than IdP can create SSO response.

    You can download the public certificate from miniOrange IdP and it can be used to verify the signature.

    If you can tell me which client application you are using and language in case of custom application, I can send you the configuration guide or code sample.

    Mike McDermott
    # 2 weeks, 5 days ago

    That clears it up, I’m new to SSO and I was confused about how it worked. Thanks

Viewing 3 posts - 1 through 3 (of 3 total)

Reply