italia/spid-testenv2

Multiple certificates in SP metadata are not supported

Opened this issue · 2 comments

This report should be verified.

It looks like when an SP's metadata has multiple certificates, spid-testenv2 rejects all AuthnRequests even if they are signed with one of those certificates. Removing the extra ones and leaving only the actually used one appears to fix the issue.

In the test case, the correct certificate was the second one listed in the metadata. So maybe spid-testenv2 is only considering the first one.

Hi, I can confirm the issue: we experienced the same problem with SP metadata that contains multiple signing certificates. As suggested, removing one of them resolved the problem.
Any estimate about the resolution?

Thanks

It could also be related to this
#325
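
The behaviour the report asks for, as an added example (not spid-testenv2's code and not taken from this thread): collect every signing certificate from the SP metadata and accept the AuthnRequest if any one of them validates the signature, instead of stopping at the first. The metadata sample and its certificate bodies are constructed placeholders, and `signature_ok` is a hypothetical callback standing in for the real XML signature check.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed SP metadata: two signing keys and one encryption key.
# Certificate bodies are placeholders, not real X.509 data.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q0VSVC1PTEQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        Q0VSVC1ORVc=
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q0VSVC1FTkM=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def signing_certificates(metadata_xml):
    """Return every certificate usable for signing, in document order."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            # Metadata often wraps or indents the base64 body; normalise it.
            certs.append("".join((node.text or "").split()))
    return certs

def verify_with_any(metadata_xml, signature_ok):
    """Return the first certificate accepted by signature_ok(cert), else None."""
    for cert in signing_certificates(metadata_xml):
        if signature_ok(cert):
            return cert
    return None
```

Encryption-only keys are deliberately excluded, so a request signed with the encryption key is still rejected.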