Generate token signing .CER from ADFS Federation Metadata XML

June 24, 2015

While workging on SSO, our ADFS team has provided me with federation metadata xml only. As per this link, you also need a token-signing certificate from provider to complete the setup and provide the XML file to ADFS.

Now, the question is how to generate .pem/.cer file out of FederationMetadata.xml file. 

  1. Edit FederationMetadata.xml file, and search for <KeyDescriptor use="signing">. You should find more than one entry. Pick any one of them. 

    2.  Pick the X500Certificate value and save the text as .der file
    3. openssl x509 -in <(base64 --decode FILE_FROM_STEP2.der) -inform DER -out OUTPUT.pem

Use <OUTPUT>.per as Identity Provider Certificate. 


You Might Also Like


Popular Posts