FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    What is the verification key in a SAMLv2 IdP used for?

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    2
    4
    123
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      biwi
      last edited by

      Hi everyone,

      I set up a SAMLv2 identity provider in FusionAuth and also generated a dummy certificate, which I linked to this IdP as the verification key. Then I uploaded the correct certificate, but did not set this as the new verification key. However, I was able to login, so I assume, that the correct - later uploaded - certificate was used to verify the signature.

      So my question is: What is the purpose of the verification key in the identity provider?

      Thank you!

      mark.robustelliM 1 Reply Last reply Reply Quote 0
      • mark.robustelliM
        mark.robustelli @biwi
        last edited by

        @bianca-wittig Can you please describe the steps you are taking in a little more detail. It may help us understand your question a little better.

        1 Reply Last reply Reply Quote 0
        • B
          biwi
          last edited by

          I used this guide to setup and EntraID IdP: https://fusionauth.io/docs/lifecycle/authenticate-users/identity-providers/enterprise/azure-ad-saml. Except that I forgot to configure the verification key in my SAML IdP. So here are the steps in detail:

          • generate a dummy/placeholder certificate in Key Master
          • create a SAML2 IdP with this certificate
          • download the correct certificate from EntraID
          • import this certificate into Key Master
          • enable the SAML2 IdP
          • authenticate successfully via this SAML2 IdP

          So I skipped adding the correct certificate to the SAML2 IdP and I was not expecting to be able to login, but it worked. If I remove the correct certificate from Key Master again, I cannot authenticate successfully.

          Does this help?

          mark.robustelliM 1 Reply Last reply Reply Quote 0
          • mark.robustelliM
            mark.robustelli @biwi
            last edited by

            @biwi It sounds like the keys may have gotten switched or something odd. Is it possible to wipe everything out at try again from scratch? Also, check out this blog post as it may be useful for you as well.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post