We don't validate certificates. In many cases, self-signed certificates are used so validating the certificate chain etc isn't applicable. If you wish to validate certificates you should do this within your application. We recommend not doing this in-band as part of the SAML SSO processing as this could slow performance if, for example, off-server CRL checks are performed as part of the validation. Instead, if required, we recommend validating certificates out-of-band (eg on a nightly basis).
CreateMetadata expects the certificate to be in the file system. It doesn't support accessing the Windows certificate store. You should use the Certificates MMC snap-in, as shown, to export the certificate as a base-64 encoded .CER file. Use this file when prompted by CreateMetadata. Our SAML Metadata Guide includes information on using CreateMetadata.
Regards ComponentSpace Development
|