Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
systemgeek
Contributor

Certificate help

I am getting lost with all the certs so can someone please help me.  While I have System SAML SSO logins working I noticed that one of the certs involved I have no clue where it came from.  So I am trying to understand which cert is needed where.

 

On the FortiGate:

SAML SSO SP Cert: I am guessing this should be the cert of the SP.  If the SP Address is john.com the cert should be the cert+key of john.com.

SAML SSO IdP cert: This should be the cert of the IdP (imported as a remote cert).  In my case the ADFS server.

 

On the ADFS Server:

Matching Relaying party trust Encryption: ADFS Cert

Matching Relaying party trust Signature: ADFS Cert

 

Does this sound correct?

1 Solution
hbac
Staff
Staff
2 REPLIES 2
systemgeek
Contributor

Not being a Windows person it took me a bit to figure out where my extra cert came from.  So I would like to correct the cert listing I have above.

On the FortiGate:

SAML SSO SP Cert: I am guessing this should be the cert of the SP.  If the SP Address is john.com the cert should be the cert+key of john.com.

SAML SSO IdP cert: This should be the cert of the IdP (imported as a remote cert).  In my case the ADFS server Token-decrypoting Cert.

 

On the ADFS Server:

Matching Relaying party trust Encryption: ADFS Service Communication Cert 

Matching Relaying party trust Signature: ADFS Service Communication Cert

 

hbac
Staff
Staff

Hi @systemgeek,

 

Yes, it seems correct. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SAML-SSO-login-for-SSL-VPN-wit...

 

Regards, 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors