Self-Signed Certificate with SAML 2.0

Is it possible to sign a SAML 2.0 post with a self-signed certificate? I am in charge of implementing a new SSO procedure with a vendor using SAML 2.0 and we are trying to determine if we can sign the SAML post with a self-signed certificate or if we need to buy one.

If we can use a self-signed certificate, does the Service Provider need to do any additional steps to verify the signature? We are creating the SAML 2.0 post as the Identity Provider.

Thanks in advance.

Asked Apr 30 '12 18:04 by HawKe2005


1 Answer

Yes, I assume you mean signing the Assertion that is returned via POST binding (see SAML 2.0 Profiles, section 4.1.4.5). The SAML 2.0 specification mandates it be signed for SSO, but doesn't get into specifics of CA signed vs. self-signed.

Check with your software (both IdP and SP side) to see what is supported - some have limitations in this regard.

Answered Oct 09 '22 04:10 by Scott T.
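To make the answer concrete, here is an added example (not from the question, the answer, or any SAML product) of the check a Service Provider actually performs when the IdP signs with a self-signed certificate: the signature is verified under the exact certificate the SP was given out of band in IdP metadata, not by building a chain to a CA. The function names are hypothetical, the "assertion" is a constructed byte string, and the signature is plain RSA-SHA256 over those bytes; real XML-DSig canonicalisation and the `<ds:Signature>` element are out of scope here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// IdP side (constructed for this example): key pair plus a self-signed signing certificate.
func newSelfSignedIdPCert(cn string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// IdP side: RSA-SHA256 over the assertion bytes (XML canonicalisation assumed done already).
func signAssertion(key *rsa.PrivateKey, assertion []byte) ([]byte, error) {
	digest := sha256.Sum256(assertion)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// SP side: verify under the certificate pinned from IdP metadata; self-signed is fine here.
func verifyWithPinnedCert(pinned *x509.Certificate, assertion, sig []byte) error {
	return pinned.CheckSignature(x509.SHA256WithRSA, assertion, sig)
}

// SP side, the check that does NOT apply: chain building to a CA trust store fails for a self-signed cert.
func chainsToTrustStore(cert *x509.Certificate, roots *x509.CertPool) error {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}
```

The practical "additional step" for the SP is therefore to import the IdP certificate (usually via metadata) and pin it; if the SP software insists on chain validation to a public CA, that is the product limitation the answer refers to.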