Ask HN: Should You Include a Certificate in a SAML AuthnRequest?
When implementing SAML authentication, one question often arises:Should the Service Provider (SP) include its certificate directly in the <AuthnRequest>?
When implementing SAML authentication, one question often arises:Should the Service Provider (SP) include its certificate directly in the <AuthnRequest>?
I am not an expert in SAML, but my understanding is that the cert is typically included in the SP metadata. It seems to me that icluding the SP cert in the AuthnRequest would defeat the purpose of signing the request. Is that supported in the standard?
Why, the other side should already know it.