question

AbhishekChoudhary-8649 asked ·

For SSO setup between Azure (IdP) and ADFS (SP), is a certificate necessary?

We provide the customer with metadata, but they insist on the Entity ID and ACS URL. In the end, SSO works. Is there a certificate on the Azure side involved here? We have the customer certificate on the ADFS side.

azure-active-directory

1 Answer

amanpreetsingh-msft answered ·

@AbhishekChoudhary-8649, to federate ADFS as an SP with Azure AD, we need only the Entity ID and ACS URL. Even if we establish the federation by uploading the metadata, only the Entity ID and ACS URL are picked up by Azure AD from the metadata.

On the other side, as Azure AD issues signed tokens to SPs, a certificate (the public key of Azure AD's token signing certificate) is needed on the ADFS side, so that ADFS can decrypt the hash of the signed token to ensure its integrity.


Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.

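Added example (not part of the original question or answer, and not Microsoft's code): a Python sketch that reads the two values the IdP takes from SP metadata (Entity ID and ACS URL), and lists the thumbprints of the signing certificates published in IdP metadata so they can be compared with what is installed on the ADFS side. Both metadata documents, the host names and the certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for a DER certificate (not a real certificate).
FAKE_IDP_CERT_DER = b"constructed-placeholder-for-idp-signing-cert"

# Constructed SP metadata, shaped like what the ADFS side would hand to the IdP.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.com/adfs/services/trust">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.com/adfs/ls/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP metadata carrying one signing certificate.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/tenant-placeholder/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_IDP_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def sp_identifiers(metadata_xml):
    """Return (entityID, [ACS URLs]) from SP metadata: the values the IdP needs."""
    root = ET.fromstring(metadata_xml)
    acs = [e.get("Location") for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    return root.get("entityID"), acs


def idp_signing_thumbprints(metadata_xml):
    """Return SHA-1 thumbprints (Windows certificate store style) of IdP signing certificates."""
    root = ET.fromstring(metadata_xml)
    prints = []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no 'use' attribute means the key serves all purposes
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            prints.append(hashlib.sha1(der).hexdigest().upper())
    return prints
```

The thumbprint is only an identifier for comparison; the trust decision rests on obtaining the IdP metadata over an authenticated channel and on the SP validating the token signature against that certificate.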