This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 17%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hello Everyone,
I'm looking for an answer. we are implementing SAML using component space for multitenant organizations and we need to download the certificates from Microsoft's common FederationMetadata.xml to make it work. however, we are aware that the certificates might change over time, so we're building a tool to check the FederationMetadata.xml every 10 seconds to compare the current certificates we have but when we run the tool every few seconds the IDPSSODescriptor node certificates keep on changing. we tried to check it on the browser and Postman and got the same results. Does someone know the answer to this?
Here is the link to FederationMetadata.xml: https://login.microsoftonline.com/common/FederationMetadata/2007-06/FederationMetadata.xml
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
By default, Microsoft Entra ID configures a certificate to expire after three years when it's created automatically during SAML single sign-on configuration. To gain a clearer understanding of the issue, could you please provide the FederationMetadata.xml file?
Thanks,
Navya
Hello Navya,
Good day, thank you for your response.
Here is the link where I always read the XML file.
https://login.microsoftonline.com/common/FederationMetadata/2007-06/FederationMetadata.xml
Upon reading the XML file I save each X509Certificate node to .CER file and use it to implement the SAML however from the tool that I've created upon reading the FederationMetadata.xml for every few seconds the count and some of the values of X509Certificate from the IDPSSODescriptor section keep on changing, resulting in the tool keeping on notifying us that the certificates have been changed.
Please see the attached images for your reference. From the first image, I manually loaded the XML from the browser and I got 6 certificates and on the second one, I got 7 certificates. could you please explain why it is happening?