2
votes

I created a SAML2 Identity Provider using ComponentSpace's .NET library. We have a 3rd party app that will act as the Service Provider.

I know that X.509 certificates are used, but who creates the certificates? The Identity Provider, the Service Provider, or do they each create their own?


1 Answer

1
votes

ComponentSpace comes with some self-signed certificates that you can use to get started.

You need to create the certificates on the SP side.

On the IDP side, the IDP will have its own certificates that it creates.

ADFS, for example, will create its own if configured to do that, but you can upload your own if you want.
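The split described in the answer, as an added example that is not part of the original answer or of ComponentSpace's tooling: each party generates its own key pair and self-signed certificate with `openssl`, keeps the private key, and hands the partner only the public certificate. The party names, subjects and file names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: each SAML party creates its own signing certificate.
# Names such as "idp", "sp" and the *.example.test subjects are constructed.

# make_saml_cert <name> <subject> <days>
# Writes <name>.key (private key, never leaves this party) and
# <name>.crt (public certificate, the only file sent to the partner).
make_saml_cert() {
    name=$1; subject=$2; days=$3
    ( umask 077   # keep the private key unreadable to other users
      openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
          -keyout "$name.key" -out "$name.crt" \
          -subj "$subject" -days "$days" 2>/dev/null )
}

# fingerprint <cert>: SHA-256 fingerprint, to be confirmed with the partner
# over a separate channel before the certificate is trusted.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# safe_to_share <file>: succeeds only if the file contains a certificate
# and no private key material.
safe_to_share() {
    grep -q 'BEGIN CERTIFICATE' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

# key_matches_cert <key> <cert>: succeeds if the private key belongs to
# the certificate (their public keys are identical).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Usage (run by each party on its own machine):
#   make_saml_cert idp "/CN=idp.example.test" 365
#   safe_to_share idp.crt && fingerprint idp.crt
```

A self-signed certificate is not vouched for by any CA, so the receiving side should compare the fingerprint with the sender before loading the certificate into its SAML configuration.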