When implementing SAML authentication, one question often arises:Should the Service Provider (SP) include its certificate directly in the <AuthnRequest>?
I am not an expert in SAML, but my understanding is that the cert is typically included in the SP metadata. It seems to me that icluding the SP cert in the AuthnRequest would defeat the purpose of signing the request. Is that supported in the standard?
oftenwrong|9 months ago
stop50|9 months ago