
I have researched the following articles, configured ADFS, and the SAML Response was received successfully in the relying party.

To add the relying party I referred to this article:

In this configuration they have given a sample page that sends a SAML AuthnRequest by calling https://<>/adfs/ls/IdpInitiatedSignOn.aspx. What I need is to generate the SAMLRequest myself and authenticate with ADFS.

For that, I referred here and here.

There, they specified that I need to generate a private key and a certificate with the public key, and associate it with the relying party.

Can anyone suggest where I need to add that certificate? In some articles they have given the token-signing certificate, but it is used to sign the SAMLResponse only.


1 Answer


The certificate that the RP uses needs to be generated by the RP, not by ADFS; it's not an ADFS certificate.

So you need to generate a certificate with a private key and store it on the RP side. The certificate details need to be in the RP metadata which is imported by ADFS.

That way ADFS knows what certificate to use when it checks the signature.

rbrayb
  • Thank you for your response. I am a little confused about the token-signing certificate. May I know what it is used for? Do I need to use that certificate to sign the SAMLRequest, or do I need to generate a certificate with a private key and sign with that? If I need to sign with a generated certificate and private key, then where do I need to add that certificate in the ADFS configuration? Thanks. –  Dec 20 '13 at 09:36
  • The token-signing certificate is so that the RP can validate the signature on the SAML claims token from the IP. To sign the SAML Request, you need to generate your own key and add that key to the RP metadata, which you then import into ADFS. – rbrayb Jan 03 '14 at 00:48
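The flow described in this answer, as an added worked example that is not part of the original question or answer and not code from ADFS or any library: the RP generates its own key pair and certificate, publishes the certificate in its metadata under a `KeyDescriptor use="signing"`, signs the AuthnRequest with the private key using the SAML HTTP-Redirect binding, and the IdP side (what ADFS does after importing that metadata) checks the signature against the certificate from the metadata. The entity IDs, URLs, and the sample AuthnRequest are constructed placeholders; the ADFS token-signing certificate plays no part anywhere in this code.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"io"
	"math/big"
	"net/url"
	"strings"
	"time"
)

const (
	rpEntityID      = "https://rp.example.test/saml" // hypothetical RP identifier (assumed value)
	sigAlgRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
	// Constructed sample AuthnRequest; the Issuer must equal the entityID ADFS has on file for the RP.
	sampleAuthnRequest = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed-1" Version="2.0" IssueInstant="2013-12-20T09:36:00Z" Destination="https://adfs.example.test/adfs/ls/"><saml:Issuer>` + rpEntityID + `</saml:Issuer></samlp:AuthnRequest>`
)

// RP side: the request-signing key pair is generated by the RP, not by ADFS; the private key stays on the RP.
func generateRPKeyAndCert() (*rsa.PrivateKey, []byte) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // errors only if the system RNG fails
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // self-signed is fine for an RP
	return key, der
}

// RP metadata as ADFS imports it: the certificate sits in a KeyDescriptor with use="signing".
func buildRPMetadata(certDER []byte) string {
	return fmt.Sprintf(`<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="%s">
 <SPSSODescriptor AuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
   <X509Certificate>%s</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
 </SPSSODescriptor></EntityDescriptor>`, rpEntityID, base64.StdEncoding.EncodeToString(certDER))
}

// The HTTP-Redirect binding signs the URL-encoded "SAMLRequest=...&SigAlg=..." string, not the XML itself.
func redirectSignedString(samlRequest, sigAlg string) []byte {
	return []byte("SAMLRequest=" + url.QueryEscape(samlRequest) + "&SigAlg=" + url.QueryEscape(sigAlg))
}

// RP side: deflate + base64 the AuthnRequest, then sign the query string with the RP private key.
func signRedirectRequest(key *rsa.PrivateKey, authnRequest string) url.Values {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression)
	w.Write([]byte(authnRequest))
	w.Close()
	samlRequest := base64.StdEncoding.EncodeToString(buf.Bytes())
	digest := sha256.Sum256(redirectSignedString(samlRequest, sigAlgRSASHA256))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]) // errors only if the RNG fails
	return url.Values{"SAMLRequest": {samlRequest}, "SigAlg": {sigAlgRSASHA256},
		"Signature": {base64.StdEncoding.EncodeToString(sig)}}
}

// IdP side (what ADFS does once the RP metadata is imported): take the use="signing" certificate from the metadata, verify the signature with it, then inflate the request.
func verifyRedirectRequest(metadataXML string, q url.Values) (string, error) {
	var md struct {
		Keys []struct {
			Use  string `xml:"use,attr"`
			Cert string `xml:"KeyInfo>X509Data>X509Certificate"`
		} `xml:"SPSSODescriptor>KeyDescriptor"`
	}
	if err := xml.Unmarshal([]byte(metadataXML), &md); err != nil {
		return "", err
	}
	var pub *rsa.PublicKey
	for _, k := range md.Keys { // an omitted "use" means the key serves both signing and encryption
		der, _ := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(k.Cert), ""))
		if cert, err := x509.ParseCertificate(der); err == nil && (k.Use == "signing" || k.Use == "") {
			pub, _ = cert.PublicKey.(*rsa.PublicKey)
		}
	}
	if pub == nil || q.Get("SigAlg") != sigAlgRSASHA256 {
		return "", fmt.Errorf("no RSA signing certificate in RP metadata, or unsupported SigAlg %q", q.Get("SigAlg"))
	}
	sig, _ := base64.StdEncoding.DecodeString(q.Get("Signature"))
	digest := sha256.Sum256(redirectSignedString(q.Get("SAMLRequest"), q.Get("SigAlg")))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return "", fmt.Errorf("request signature does not match the RP certificate: %w", err)
	}
	raw, _ := base64.StdEncoding.DecodeString(q.Get("SAMLRequest")) // signature already checked above
	xmlBytes, err := io.ReadAll(flate.NewReader(bytes.NewReader(raw)))
	return string(xmlBytes), err
}

func main() {
	key, der := generateRPKeyAndCert()
	_, err := verifyRedirectRequest(buildRPMetadata(der), signRedirectRequest(key, sampleAuthnRequest))
	fmt.Println("IdP-side verification error:", err) // nil when the metadata carries the RP's certificate
}
```

Two caveats for real deployments: a production IdP verifies the signature over the raw query string exactly as it arrived, not over values it re-encodes, and many RPs send the AuthnRequest over the HTTP-POST binding instead, where the signature is an enveloped XML-DSig inside the request rather than a query parameter. If you add the relying party by hand rather than importing metadata, this same certificate is what ADFS calls the relying party's request signing certificate (the `RequestSigningCertificate` parameter of `Set-AdfsRelyingPartyTrust`, with `SignedSamlRequestsRequired` controlling whether unsigned requests are rejected).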