SAML 2.0 SP metadata: Purpose and the use of certificate

tony.0919 picture tony.0919 · Sep 10, 2014 · Viewed 13.8k times · Source

Here is the part of SP metadata.

Reference: Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0

...   
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:X509Data>
        <ds:X509Certificate>
        </ds:X509Certificate>
    </ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:X509Data>
        <ds:X509Certificate>
        </ds:X509Certificate>
    </ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
...

Are there any benefits to choose same (or different) certificate in both signing and encryption certificate ?

What is the purpose of including signing certificate here ?

If the message is sent through https, a transport layer encryption is provided. Do we still need to include encryption certificate here ?

Answer

Vladim&#237;r Sch&#228;fer picture Vladimír Schäfer · Sep 10, 2014

In SAML 2.0 Web SSO's metadata providers typically declare the same certificate for both signing and encryption usage.

There are some use-cases where usage of different keys makes sense - e.g. when SP itself is not supposed to be able to decrypt data provided by IDP (e.g. nameID or attributes), but this is only done by the ultimate recipient of the Assertion; or when a different party provides content for creation of assertion than the party who actually creates the SAML messages - but those use-cases are rare and more relevant for other profiles than Web SSO.

The signing certificate is included in order to inform users of the metadata on how to verify messages provided by the issuer of the metadata. For example, when SP receives a message from IDP, it uses signing certificate defined in IDP's metadata in order to verify whether the message was created by the IDP and wasn't tampered with during transport.

You typically don't need to include the encryption certificate in case encryption is done on transport layer and you don't perform any encryption on message level (e.g. of whole message, assertion, nameID or attributes).