<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009lM6z5CACOkta Classic EngineSingle Sign-OnAnswered2025-09-13T09:01:51.000Z2023-10-25T09:26:03.000Z2023-10-25T17:37:51.000Z

pj7su (pj7su) asked a question.

Edited October 25, 2023 at 9:26 AM
How to generate SAML Metadata with X509Data using X509IssuerSerial instead of X509Certificate

I am testing existing SAML integration using with test SAML application , the metadata is https://dev-327125.oktapreview.com/app/exk111qpu0uBmoMzD0h8/sso/saml/metadata

 

according to https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd I can see the Key Info element can have X509Data complex type using X509IssuerSerial as well,

currently I am seeing the Metadata contains another element as X509Certificate

 

So Is there any configuration in SAML app , where I can specify the metadata should contain X509IssuerSerial instead of X509Certificate ?

  • 3 answers
  • 525 views
Mihai Negoita - Okta likes this.

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @pj7su (pj7su)​ , Thank you for reaching out to the Okta Community! 

     

    There currently is no feature for this. 

    You can suggest it as a Feature Enhancement on the Okta Community page by going to the Community Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented. 

    More details here.

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Join us for the Okta Workflows Ask Me Anything (AMA) on Oct 26. Submit your questions today.

    Expand Post
    Selected as Best

  • a0n5s (a0n5s)

    @pj7su (pj7su)​ Do you want sign the saml request and response? do you want encrypt the response data?

  • pj7su (pj7su)

    Hello @a0n5s (a0n5s)​ 

    I would like to see Request & Response to be signed using X509IssuerSerial algo and need to know what settings needs to be at okta side so that the metadata that contains X509IssuerSerial cert.

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @pj7su (pj7su)​ , Thank you for reaching out to the Okta Community! 

     

    There currently is no feature for this. 

    You can suggest it as a Feature Enhancement on the Okta Community page by going to the Community Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented. 

    More details here.

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Join us for the Okta Workflows Ask Me Anything (AMA) on Oct 26. Submit your questions today.

    Expand Post
    Selected as Best
This question is closed.
Loading
How to generate SAML Metadata with X509Data using X509IssuerSerial instead of X509Certificate