Hi everyone,
I set up a SAMLv2 identity provider in FusionAuth and also generated a dummy certificate, which I linked to this IdP as the verification key. Then I uploaded the correct certificate, but did not set this as the new verification key. However, I was able to login, so I assume, that the correct - later uploaded - certificate was used to verify the signature.
So my question is: What is the purpose of the verification key in the identity provider?
Thank you!