About certificate information as IdP using saml2 addon

I have created a new App in the Auth0 tenant as IdP in SAML, configured saml2 from the addon, and provided the certificate to the SP as the IdP configuration.
As for this small name, is it a self-signed certificate or a legitimate certificate? And is there any expiration date etc.?

Hi @yk-ms,

Welcome to the Auth0 Community!

It looks like it’s self-signed according to this FAQ.

I don’t see anything about an expiration; more info about rotation here: Tenant Signing Key Rotation

The certificate is “legitimate” in that it’s correctly formed, but it’s not signed by a public CA (i.e. it is self-signed).

Expiration of the certificate is 13 years from tenant creation, or from the most recent tenant signing key rotation (@dan.woda shared a document about signing key rotation).

If you need to sign SAML requests with a key bound to a certificate issued by a public CA you can do so. Note this document is a bit out of date and specifies using a rule to set the keypair. You can accomplish the same thing using actions and the api.samlResponse.setCert(cert) and api.samlResponse.setKey(key) methods.


Thanks for the info @matt.macadam!
