I'm wondering about the security aspects of SAML SSO. Typically, it uses self-signed certificates, but I've read that using SSL certificates from a Certificate Authority (CA) can help prevent man-in-the-middle attacks. Is it possible to configure SAML SSO with a CA-issued certificate instead, and is this something that is required?
4 Answers
Is this also a cost-saving measure? It feels like you can achieve everything you need with Azure Key Vault too.
All that really matters is if the certificate is being validated, not necessarily if it was issued by a public CA. A self-signed cert can be just as secure as long as it's set up correctly.
We prefer to use our own certificates instead of the ones from Microsoft. We set up a certificate store in Keyfactor for better automation and management of our certs.
For SAML connections, it doesn't really matter if your certificates are signed by a public CA. What’s key is that the certificate is validated correctly during the authentication process.
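The two answers above make the same point: for SAML, trust in the IdP signing certificate comes from the metadata you exchanged out of band, so the SP should pin that exact certificate and verify the response signature with it, and a CA chain adds nothing. The sketch below is an added example, not code from this thread or from any SAML library; it shows the key-selection step that runs before XML-DSig verification (which your SAML toolkit performs), using constructed placeholder bytes in place of real DER certificates and a constructed response skeleton. The names `select_verification_cert`, `is_trusted_response` and the placeholder constants are assumptions for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from typing import Dict, Optional

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed placeholder bytes standing in for DER-encoded certificates.
# In a real SP, TRUSTED_IDP_CERT_DER is the certificate from the IdP metadata
# you obtained out of band; whether it is self-signed or CA-issued is irrelevant.
TRUSTED_IDP_CERT_DER = b"CONSTRUCTED-TRUSTED-IDP-CERT-PLACEHOLDER"
ROGUE_CERT_DER = b"CONSTRUCTED-CERT-NOT-IN-METADATA"


def fingerprint_sha256(der: bytes) -> str:
    """Hex SHA-256 fingerprint of a DER blob; the usual way to pin a cert."""
    return hashlib.sha256(der).hexdigest()


def make_response(cert_der: bytes) -> str:
    """Constructed minimal SAML Response with a KeyInfo block.
    The SignatureValue is a dummy; only the KeyInfo handling is demonstrated."""
    b64 = base64.b64encode(cert_der).decode("ascii")
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1">'
        f'<ds:Signature xmlns:ds="{DS_NS}"><ds:SignedInfo/>'
        "<ds:SignatureValue>AAAA</ds:SignatureValue>"
        f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>"
    )


def embedded_cert_der(response_xml: str) -> Optional[bytes]:
    """Extract the certificate the response itself carries in ds:KeyInfo, if any."""
    root = ET.fromstring(response_xml)
    node = root.find(f".//{{{DS_NS}}}X509Certificate")
    if node is None or not node.text:
        return None
    return base64.b64decode("".join(node.text.split()))


def select_verification_cert(response_xml: str, pinned: Dict[str, bytes]) -> bytes:
    """Return the certificate the SP must use to verify the signature.

    `pinned` maps SHA-256 fingerprint -> DER for every signing cert listed in
    the IdP metadata. The certificate inside KeyInfo is only a hint for picking
    among pinned certs (useful during key rollover); it is never trusted on its
    own, and no CA chain is consulted. This is what "validated correctly" means
    for SAML: the signer must be a certificate you already trust from metadata.
    """
    hint = embedded_cert_der(response_xml)
    if hint is not None:
        fp = fingerprint_sha256(hint)
        if fp not in pinned:
            raise ValueError(f"KeyInfo certificate {fp[:16]}... is not in IdP metadata")
        return pinned[fp]
    if len(pinned) == 1:
        return next(iter(pinned.values()))
    raise ValueError("no KeyInfo in response and several pinned certs; cannot select")


def is_trusted_response(response_xml: str, pinned: Dict[str, bytes]) -> bool:
    """True when the response names a pinned signing cert, False otherwise."""
    try:
        select_verification_cert(response_xml, pinned)
        return True
    except ValueError:
        return False


PINNED = {fingerprint_sha256(TRUSTED_IDP_CERT_DER): TRUSTED_IDP_CERT_DER}

if __name__ == "__main__":
    good = make_response(TRUSTED_IDP_CERT_DER)
    bad = make_response(ROGUE_CERT_DER)
    print("metadata cert in KeyInfo  ->", is_trusted_response(good, PINNED))  # True
    print("unknown cert in KeyInfo   ->", is_trusted_response(bad, PINNED))   # False
```

The second case is the one that matters: a response whose KeyInfo carries a certificate not present in the IdP metadata is rejected before any signature math runs, regardless of who signed that certificate. Signature verification with the returned certificate is then delegated to the SAML toolkit.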
That's an interesting approach! Was your main goal easy management, or were there security improvements as well? I’m curious about the impact on security.