Details
Improvement
Resolution: Unresolved
Major
Description
User claims the Azure AD documentation is insufficient.
We are unable to pinpoint which certificate we need to copy to the Capella SSO realm because federationmetadata.xml contains three certificates for

<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

The same set of certificates is repeated for

<RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:SecurityTokenServiceType">

and

<RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xsi:type="fed:ApplicationServiceType">

The documentation does not clearly indicate which certificate to pick.
Please let me know if further information is required to get this improved. I am also happy to provide a direct contact to the user facing this issue.
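
Added example, not part of the ticket or of the Capella or Azure AD documentation: a way to list the signing certificates in a federationmetadata.xml per descriptor by fingerprint, confirming that the RoleDescriptor entries repeat the IDPSSODescriptor set and reducing the choice to the distinct candidates. The sample metadata and certificate bytes are constructed placeholders and the function names are hypothetical; the script does not decide which certificate belongs in the SSO realm.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def _keys(labels):
    # Constructed placeholder bytes stand in for real DER certificates.
    return "".join(
        '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        + base64.b64encode(label.encode()).decode()
        + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>"
        for label in labels)

CERTS = ["constructed-cert-A", "constructed-cert-B", "constructed-cert-C"]  # constructed
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
<RoleDescriptor xsi:type="fed:SecurityTokenServiceType">{_keys(CERTS)}</RoleDescriptor>
<RoleDescriptor xsi:type="fed:ApplicationServiceType">{_keys(CERTS)}</RoleDescriptor>
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">{_keys(CERTS)}</IDPSSODescriptor>
</EntityDescriptor>"""

def signing_certs_by_role(metadata_xml, algo="sha256"):
    """Map each role descriptor to the fingerprints of its signing certificates."""
    root = ET.fromstring(metadata_xml)
    roles = {}
    for role in root:
        name = role.tag.split("}")[-1]
        if XSI_TYPE in role.attrib:
            name += "[" + role.attrib[XSI_TYPE] + "]"
        prints = []
        for kd in role.findall("md:KeyDescriptor", NS):
            if kd.get("use", "signing") == "signing":  # no "use" means any use
                for cert in kd.iterfind(".//ds:X509Certificate", NS):
                    der = base64.b64decode("".join(cert.text.split()))
                    prints.append(hashlib.new(algo, der).hexdigest().upper())
        if prints:
            roles[name] = prints
    return roles

def idp_certs_repeated(metadata_xml, algo="sha256"):
    """Return (IDPSSODescriptor fingerprints, True if every role lists the same set)."""
    roles = signing_certs_by_role(metadata_xml, algo)
    idp = roles.get("IDPSSODescriptor", [])
    return idp, bool(idp) and all(set(p) == set(idp) for p in roles.values())
```

Pass `algo="sha1"` when the value being compared against is a SHA-1 thumbprint.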