Does OKTA Validate Signature on SAML Authentication Requests
We are a Service Provider and have a customer using OKTA as their IdP.
We typically SIGN our SAML authentication requests, and are changing our certificate in the next few months. For other IdPs like ADFS, the customer can add our new cert as a secondary cert and so the "switch" is seamless.
I can't seem to find:
1. Where in OKTA I would upload the SP signing certificate?
2. If it is an option to DISABLE checking the signing of the request (or if OKTA does check even?)
Okta currently doesn't validate AuthnRequest signatures. We require the ACS URL to be whitelisted in Okta and don't trust the ACS URL in the request.
We do require LogoutRequest signatures for SP-initiated Single Logout. This is supported for App Wizard created SAML applications and you can upload the new certificate in the SAML settings for the app if you are using this feature.
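
An added example, not part of the thread and not Okta's code: a minimal IdP-side sketch of the design the answer describes, where the AuthnRequest signature is never checked and the response destination comes only from the ACS URL registered for the app. The registry, entity ID, URLs and the `resolve_acs` / `make_request` helpers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed registry standing in for the IdP's per-app SAML settings:
# SP entity ID (Issuer) -> the single ACS URL configured for that app.
REGISTERED_ACS = {
    "https://sp.example.com/metadata": "https://sp.example.com/saml/acs",
}

def resolve_acs(authn_request_xml):
    """Return (acs_url_to_use, request_acs_matched) for a decoded AuthnRequest.

    Any ds:Signature in the request is ignored; the destination is taken
    only from the registry, never from the request itself.
    """
    # Refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in authn_request_xml or "<!ENTITY" in authn_request_xml:
        raise ValueError("DTD not allowed in AuthnRequest")
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = (root.findtext("{%s}Issuer" % SAML) or "").strip()
    pinned = REGISTERED_ACS.get(issuer)
    if pinned is None:
        raise LookupError("unknown SP issuer: %r" % issuer)
    requested = root.get("AssertionConsumerServiceURL")
    # A mismatch is worth logging, but it never changes the destination.
    return pinned, requested in (None, pinned)

def make_request(issuer, acs):
    """Build a constructed, unsigned AuthnRequest for the demo."""
    return ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_demo1" '
            'Version="2.0" AssertionConsumerServiceURL="%s">'
            '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
            % (SAMLP, SAML, acs, issuer))

if __name__ == "__main__":
    sp = "https://sp.example.com/metadata"
    print(resolve_acs(make_request(sp, "https://sp.example.com/saml/acs")))
    print(resolve_acs(make_request(sp, "https://other.example.net/acs")))
```

Because the destination is pinned per app, rotating the SP's AuthnRequest signing certificate changes nothing on this path; only the LogoutRequest signature check mentioned above depends on the uploaded certificate.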