x509 certificate in SAML2 IdP response

Rob Ansaldo rlansaldo at amherst.edu
Wed May 27 10:02:26 EDT 2015

I am working with a vendor as a service provider that is having trouble validating our IdP SAML2 response to their urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST endpoint. In troubleshooting this problem, I observed that our Shibboleth 2.4 IdP is sending the SP’s x509 certificate in the response, but signing the response properly with our own certificate. I would think this should be our x509 certificate in the response. Which certificate should be in there? If it is the IdP cert, how has this been working fine with so many SPs and where did I mess up the config to do this?
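One way to check where each certificate in a response actually sits, as an added example that is not part of the original post: in XML Signature the `ds:KeyInfo` under `ds:Signature` identifies the signer's key, while in XML Encryption the `ds:KeyInfo` under `xenc:EncryptedKey` identifies the recipient's key. The sample message, its layout and its certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

def fingerprint(der):
    """SHA-256 of the decoded certificate bytes, for comparison with metadata."""
    return hashlib.sha256(der).hexdigest()

def cert_locations(saml_xml):
    """List (context, fingerprint) for every ds:X509Certificate in document order."""
    root = ET.fromstring(saml_xml)  # run on a response captured from your own IdP
    parent = {child: p for p in root.iter() for child in p}
    found = []
    for cert in root.iter(f"{{{DS}}}X509Certificate"):
        node, context = cert, "other"
        while node in parent:  # the nearest enclosing element decides the role
            node = parent[node]
            if node.tag in (f"{{{XENC}}}EncryptedKey", f"{{{XENC}}}EncryptedData"):
                context = "encryption"
                break
            if node.tag == f"{{{DS}}}Signature":
                context = "signature"
                break
        der = base64.b64decode("".join(cert.text.split()))
        found.append((context, fingerprint(der)))
    return found

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed placeholder bytes standing in for DER certificates.
IDP_DER = b"constructed-idp-cert-bytes"
SP_DER = b"constructed-sp-cert-bytes"
# Constructed sample message: one certificate per context.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{_b64(IDP_DER)}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:EncryptedAssertion><xenc:EncryptedData><ds:KeyInfo><xenc:EncryptedKey>
    <ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_b64(SP_DER)}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo>
  </xenc:EncryptedKey></ds:KeyInfo></xenc:EncryptedData></saml:EncryptedAssertion>
</samlp:Response>"""

if __name__ == "__main__":
    for context, fp in cert_locations(SAMPLE):
        print(context, fp)
```

Comparing each fingerprint with the certificates in the IdP and SP metadata shows whose key appears in which role.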
