@mark-robustelli Well, here are some screenshots:
at first I added a new IdP - via API POST /api/identity-provider - and the existing dummy/placeholder certificate is linked:
-> this is the only IdP
then I import - via API POST /api/key/import - the correct certificate:
but I do not link this in the IdP, and so do not set the Verification key
Do I get it right, that the login should not work in that case? But I am able to login via this EntraID IdP.
I used this guide to setup and EntraID IdP: https://fusionauth.io/docs/lifecycle/authenticate-users/identity-providers/enterprise/azure-ad-saml. Except that I forgot to configure the verification key in my SAML IdP. So here are the steps in detail:
So I skipped adding the correct certificate to the SAML2 IdP and I was not expecting to be able to login, but it worked. If I remove the correct certificate from Key Master again, I cannot authenticate successfully.
Does this help?
Hi everyone,
I set up a SAMLv2 identity provider in FusionAuth and also generated a dummy certificate, which I linked to this IdP as the verification key. Then I uploaded the correct certificate, but did not set this as the new verification key. However, I was able to login, so I assume, that the correct - later uploaded - certificate was used to verify the signature.
So my question is: What is the purpose of the verification key in the identity provider?
Thank you!