Can anyone explain which set of assertions are needed to grab the certificate from an SSL handshake to be used to validate a SAML signature? We are trying to meet a use case within the NHIN standard where the public certificate is expected to be taken from the protocol level and used for message level validation. Thanks!
Would you be able to provide a sample of the request with the SAML token to make sure we have the right layout. Also will you be authenticating the SSL certificate?
Director, Technical Support
Hi Stephen, here is the sample request. Yes, we will be authenticating the SSL certificate.
Please review the attached policy that will take the information from the SSL certificate provided in the Network transport and then extract out the SAML token to first validate the signature using the SSL certificate and then validate the SAML token authentication statement. If you are using a SOAP service ensure to uncheck the Perform WS-Security processing for this service on the service property to allow the policy to act against the message instead of the default behavior.