I'm exploring ways to enhance security for my SAML Single Sign-On setup. Typically, these configurations use self-signed certificates, but I've heard that using certificates from a Certificate Authority (CA) can help avoid man-in-the-middle attacks. Is it feasible to set up SAML SSO with a CA-issued certificate? Also, is it a requirement to do so, or is self-signed still considered safe in this context?
4 Answers
SAML connections usually rely on specific certificates, so whether they're from a public CA isn't crucial. The key point is that the certificates need to be validated, not just where they came from.
We use our own certificates instead of the default Microsoft ones. We have an automated setup with Keyfactor that gives us better management. It boosts our operational efficiency, but I’m curious how much of a difference it makes in terms of security.
It's all about certificate validation! As long as your cert is being validated correctly, it doesn’t need to be signed by a public CA to keep things secure.
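The point made in the two answers above (validate the specific configured certificate, regardless of who issued it) is what a service provider's pinning check looks like in practice. This is an added example, not code from the thread; the "certificates" are constructed placeholder bytes rather than real X.509 DER, and the SAML Response is a constructed minimal skeleton.

```python
"""Pin the IdP signing certificate from the SP's configuration and reject any
SAML Response whose embedded KeyInfo certificate is not that exact cert.
Constructed example: the 'certificates' below are placeholder bytes, not X.509."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET  # use defusedxml in production code

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate (what an SP config stores)."""
    return hashlib.sha256(der).hexdigest()

# Constructed placeholder "certificates" (not real DER).
IDP_CERT_DER = b"constructed-idp-signing-cert"
OTHER_CERT_DER = b"constructed-unrelated-cert-issued-by-a-public-ca"

# Trust anchor: the IdP certificate the SP imported from the IdP's metadata.
PINNED_IDP_FINGERPRINT = fingerprint(IDP_CERT_DER)

def build_response(cert_der: bytes) -> bytes:
    """Constructed minimal SAML Response carrying the given cert in ds:KeyInfo."""
    b64 = base64.b64encode(cert_der).decode()
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">'
        "<ds:Signature><ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>"
    ).encode()

def signing_cert_is_pinned(response_xml: bytes, pinned_fp: str) -> bool:
    """True only if the cert embedded in the Response is the configured IdP cert.
    Run this before XML signature verification and pass the pinned cert (not the
    embedded one) to the verifier; a CA-issued but unexpected cert fails here."""
    root = ET.fromstring(response_xml)
    node = root.find("./ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if node is None or not node.text:
        return False  # unsigned or no embedded cert: never fall back to "any cert"
    der = base64.b64decode("".join(node.text.split()))
    return hmac.compare_digest(fingerprint(der), pinned_fp)

if __name__ == "__main__":
    print(signing_cert_is_pinned(build_response(IDP_CERT_DER), PINNED_IDP_FINGERPRINT))
    print(signing_cert_is_pinned(build_response(OTHER_CERT_DER), PINNED_IDP_FINGERPRINT))
```

The second call returns False even though nothing about the other certificate is "invalid" in the CA sense; the SP simply was not configured to trust it.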
Yeah, using your own certs might be a cost-saving measure. It reminds me of some features you get with Azure Key Vault.