For SSO Setup between AZURE(IDP) and ADFS(SP), Is certificate necessary?

Abhishek Choudhary 1 Reputation point
2019-12-04T02:21:21.997+00:00

We provide customer with metadata but they insist on for Entity ID and ACS URL. At the end SSO works. Is there a certificate on Azure side involved here? We have customer certificate on ADFS side

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,083 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,441 Reputation points
    2019-12-04T06:29:33.823+00:00

    @Abhishek Choudhary ,
    To federate ADFS as SP with Azure AD, we need only the Entity ID and ACS URL. Even if we establish the federation by uploading the metadata only the Entity ID and ACS URL are picked by Azure AD from the metadata.

    On the other side, as Azure AD issues signed token to SPs, a certificate (Public key of the Azure AD's token signing certificate) is needed on the ADFS side. So that, ADFS can decrypt the hash of the signed token to ensure its integrity.

    ------------------------------------------------------------------------------------------------------------

    Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.

    0 comments No comments