Viewing an SP's Signing Certificate in an AAD Enterprise Application

Matthew Crocker 261 Reputation points
2023-04-20T09:45:32.7733333+00:00

After using "Upload Metadata file" for an Enterprise Application, is it possible to review/see the Service Provider (SP) signing certificate that has been uploaded? Similar to the ADFS functionality for Relying Parties seen under the Signature tab. The IdP's token signing certificate details are readily available, but seemingly not the SP's. This assumes that the SP's certificates are ingested during the metadata upload. Thanks, Matthew

Microsoft Entra ID

Accepted answer
    Sandeep G-MSFT 14,826 Reputation points Microsoft Employee
    2023-04-25T10:34:56.4433333+00:00

    @Matthew Crocker

    There are multiple certificates that are used in ADFS. The token signing certificate is the one used by ADFS to sign the SAML response token that is sent to the SP after authentication.

    The certificate used under the Signature tab in relying party properties is the one used by the SP to sign the SAML request token.

    Below is the flow used during authentication.

    The user tries to access the application (SP). The application sends the SAML request to ADFS/Azure AD (IdP). ADFS/Azure AD authenticates the user and sends the SAML response back to the application.

    The SAML response is signed by the token signing certificate used in ADFS/Azure AD. This certificate will be present in the IdP metadata. During configuration, when this metadata is uploaded in applications

    And the SAML request is signed by the application. When the request reaches the IdP, it has to validate the signature before it accepts the SAML request. This certificate is uploaded on the IdP side; it is the certificate used under the Signature tab in relying party properties.

    If you are looking for this certificate in Azure AD, it is under SAML certificates. [User's image]

    Let me know if you have any further questions on this. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
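An added example, not code from the thread or from Microsoft, for the part of the question the answer leaves to a screenshot: the SP's certificates are carried in the metadata file you uploaded, so the authoritative way to see what the IdP ingested is to read them out of that file. Each `<md:KeyDescriptor>` under `<md:SPSSODescriptor>` holds a base64 DER X.509 certificate and a `use` attribute of `signing`, `encryption`, or none, which the SAML metadata specification defines as both. The script below lists them with SHA-1 and SHA-256 thumbprints for comparison with whatever the portal shows and reports whether the SP declares `AuthnRequestsSigned`, i.e. whether the IdP actually needs a signing certificate to validate requests. The metadata, entity ID and endpoints are constructed for the example, and the certificate blobs are placeholders rather than real certificates.

```python
"""List the SP certificates in a SAML SP metadata file with their thumbprints.

Added example; not from the Q&A thread or from Microsoft. Run with a path to
a real SP metadata file, or with no arguments to use the constructed sample.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholders standing in for DER-encoded certificates.
SIGNING_BLOB = b"constructed placeholder, not a real certificate: signing"
ENCRYPTION_BLOB = b"constructed placeholder, not a real certificate: encryption"
DUAL_USE_BLOB = b"constructed placeholder, not a real certificate: dual use"


def _b64(blob):
    # Real metadata usually wraps the base64 across lines; reproduce that so
    # the parser has to cope with embedded whitespace.
    s = base64.b64encode(blob).decode()
    return "\n        ".join(s[i:i + 64] for i in range(0, len(s), 64))


# Constructed SP metadata; entity ID and endpoints are hypothetical.
SAMPLE_SP_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(SIGNING_BLOB)}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(ENCRYPTION_BLOB)}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(DUAL_USE_BLOB)}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
""".encode()


def thumbprint(der, algo="sha1"):
    """Hex thumbprint in the form ADFS/Entra display (uppercase, no separators)."""
    return hashlib.new(algo, der).hexdigest().upper()


def _spsso(metadata_xml):
    # For metadata from an untrusted party, parse with defusedxml instead of
    # xml.etree to avoid entity-expansion attacks.
    spsso = ET.fromstring(metadata_xml).find("md:SPSSODescriptor", NS)
    if spsso is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    return spsso


def sp_key_descriptors(metadata_xml):
    """Return one dict per SP certificate: use, sha1, sha256 and DER length."""
    found = []
    for kd in _spsso(metadata_xml).findall("md:KeyDescriptor", NS):
        use = kd.get("use") or "signing+encryption"  # absent means both uses
        for el in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join((el.text or "").split()), validate=True)
            found.append({"use": use,
                          "sha1": thumbprint(der, "sha1"),
                          "sha256": thumbprint(der, "sha256"),
                          "der_len": len(der)})
    return found


def signing_thumbprints(metadata_xml):
    """SHA-1 thumbprints of every certificate the IdP may use to verify the
    SP's request signature (use="signing" or unspecified)."""
    return {d["sha1"] for d in sp_key_descriptors(metadata_xml)
            if "signing" in d["use"]}


def authn_requests_signed(metadata_xml):
    """True if the SP declares that it signs its AuthnRequests."""
    flag = _spsso(metadata_xml).get("AuthnRequestsSigned", "false")
    return flag.lower() in ("true", "1")


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SP_METADATA
    print("AuthnRequestsSigned:", authn_requests_signed(data))
    for d in sp_key_descriptors(data):
        print(f"{d['use']:<20} sha1={d['sha1']} sha256={d['sha256']} ({d['der_len']} bytes)")
```

If `AuthnRequestsSigned` is false and no signing-use `KeyDescriptor` is present, the IdP has nothing to validate request signatures with and will typically accept unsigned requests; if the SP does sign, the thumbprint the IdP holds must match one of the `signing` (or unspecified-use) entries, and rotating the SP key means re-uploading metadata, not just the IdP token signing certificate.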

0 additional answers
