...

SSL/TLS Certificates

In addition to message-level signing and encryption, X.509 certificates in metadata are used for SSL/TLS back-channel SOAP exchanges, typically on a nonstandard port such as 8443. These certificates are not the same as, and have nothing to do with, the SSL/TLS certificates used for browser-facing transactions over port 443. The latter certificates are not contained in metadata.

Any certificates you want to use with your SAML software are uploaded via the administrative interface. Typically only one certificate is needed, but you can upload multiple certificates for different purposes and use them as needed. For instance, multiple certificates are used to facilitate the controlled rollover of expired certificates. For detailed guidelines on the rollover process, refer to the Certificate Migration topic.

...

<idpdisc:DiscoveryResponse>

http://wiki.oasis-open.org/security/IdpDiscoSvcProtonProfile

Service Endpoints

...