Ask HN: Should You Include a Certificate in a SAML AuthnRequest?
5 points
1 day ago
| 2 comments
| HN
When implementing SAML authentication, one question often arises:Should the Service Provider (SP) include its certificate directly in the <AuthnRequest>?
oftenwrong
1 day ago
[-]
I am not an expert in SAML, but my understanding is that the cert is typically included in the SP metadata. It seems to me that icluding the SP cert in the AuthnRequest would defeat the purpose of signing the request. Is that supported in the standard?
reply
stop50
1 day ago
[-]
Why, the other side should already know it.
reply