We're always happy to answer questions so please don't worry about that.
The local certificate is used to sign SAML messages sent to the IdP or to decrypt SAML assertions received from the IdP. If neither occurs this certificate isn't used and in fact doesn't need to be configured.
The SAML authn request sent to the IdP as part of SP-initiated SSO is signed using the local certificate's private key, if the PartnerIdentityProviderConfiguration.SignAuthnRequest property is set to true. Even if the authn request is signed, if the IdP isn't configured with the SP's certificate it will most likely ignore the signature and continue to process the authn request. Not all IdPs support verifying authn request signatures.
Encryption of the SAML assertion isn't commonly performed although of course we do support it. PartnerIdentityProviderConfiguration.WantAssertionEncrypted requires the SAML assertion to be encrypted and the local certificate's private key is used to perform the decryption.
Regards
ComponentSpace Development