Generate token signing .CER from ADFS Federation Metadata XML
While workging on Force.com SSO, our ADFS team has provided me with federation metadata xml only. As per this link , you also need a token-signing certificate from provider to complete the setup and provide the Force.com XML file to ADFS. Now, the question is how to generate .pem/.cer file out of FederationMetadata.xml file. Edit FederationMetadata.xml file, and search for <KeyDescriptor use="signing">. You should find more than one entry. Pick any one of them. 2. Pick the X500Certificate value and save the text as .der file 3. openssl x509 -in <(base64 --decode FILE_FROM_STEP2.der) -inform DER -out OUTPUT.pem Use <OUTPUT>.per as Identity Provider Certificate. Reference: https://ask.auth0.com/t/how-to-convert-saml-federationmetadata-xml-key-to-pem-or-cer/24