Channel: Claims based access platform (CBA), code-named Geneva forum

Export Token Signing certificate private key from ADFS


I am implementing an SSO mechanism with a Service Provider (SP) by using ADFS as Identity Provider (IdP).

The SP's regular website offers integration with ADFS, so it was enough to set up the SP as a Relying Party in my ADFS and provide them the Token Signing certificate.

The mobile app of the SP does not offer integration with ADFS, therefore they require a web application to be built (SSOApplication) that bridges the SSO mechanism between the SP and ADFS. The SP redirects the request to SSOApplication, which in the background, by using SAML, queries the ADFS and then, if authentication is approved, sends the response to the SP.

SSOApplication correctly communicates with ADFS, but I cannot sign the SAML response for the SP because for the Token Signing certificate, contrary to the SSL certificate, there is no option to export the private key (as MS claims here). The SP requires the same certificate for both the Web and Mobile App entry points, therefore I cannot use two different Token Signing certificates.

Moreover, this very certificate is used by other SPs that communicate with my ADFS, therefore if I change the certificate I have to communicate the new certificate to the other SPs integrated with our ADFS. Is there any way to export the private key from the Token Signing certificate? Is there any way to use different Token Signing certificates for different relying parties in ADFS?

PS: In ADFS I can export the key of the SSL certificate, but there is no such option for Token Signing.
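
Added example, not part of the original post and not a forum answer: the ADFS PowerShell steps that correspond to the two things the post talks about, namely handing a relying party the public part of the Token Signing certificate (the step that worked for the web entry point), and the "change certificate" alternative the poster mentions, where a certificate whose private key you already hold in a PFX is added as the primary Token Signing certificate with automatic rollover switched off. File paths, the PFX password prompt and the module-loading note are assumptions; on ADFS 2.0 the cmdlets live in the `Microsoft.Adfs.PowerShell` snap-in instead of the auto-loaded `ADFS` module.

```powershell
# Added example (not from the original post). Assumes ADFS on Windows Server
# 2012 R2 or later, where the ADFS module auto-loads; on ADFS 2.0 run
#   Add-PSSnapin Microsoft.Adfs.PowerShell
# first. All paths and the PFX file are placeholders.

# 1. Export the public part of the current primary Token Signing certificate.
#    This is what a relying party needs to validate signatures; it contains
#    no private key, which is why the GUI offers no key export here.
$signing = Get-AdfsCertificate -CertificateType Token-Signing |
           Where-Object { $_.IsPrimary }
$cerPath = 'C:\temp\adfs-token-signing.cer'   # placeholder
[System.IO.File]::WriteAllBytes(
    $cerPath,
    $signing.Certificate.Export(
        [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
"Primary Token Signing thumbprint: $($signing.Thumbprint) exported to $cerPath"

# 2. The "change certificate" path: sign with a certificate whose private key
#    you hold yourself (e.g. so a bridging application can sign with the same
#    key). Automatic rollover must be off, otherwise ADFS will generate and
#    switch to a new self-signed certificate again later.
$pfxPath = 'C:\certs\token-signing.pfx'       # placeholder
$pfxPwd  = Read-Host -AsSecureString -Prompt 'PFX password'
$newCert = Import-PfxCertificate -FilePath $pfxPath `
               -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPwd
# The ADFS service account needs Read permission on this private key
# (certlm.msc > certificate > All Tasks > Manage Private Keys) before ADFS
# can use it; that step is done in the MMC, not here.
Set-AdfsProperties -AutoCertificateRollover $false
Add-AdfsCertificate -CertificateType Token-Signing -Thumbprint $newCert.Thumbprint
Set-AdfsCertificate -CertificateType Token-Signing -Thumbprint $newCert.Thumbprint

# 3. Verify which certificate is now primary, and list the relying parties
#    that have to be given the new public certificate, since the Token
#    Signing certificate is a single, farm-wide setting.
Get-AdfsCertificate -CertificateType Token-Signing |
    Select-Object Thumbprint, IsPrimary, StoreName
Get-AdfsRelyingPartyTrust | Select-Object Name, Identifier
```

Every relying party listed in step 3 validates tokens against the same primary certificate, so after step 2 each of them has to receive the new `.cer`; ADFS keeps the old certificate as a secondary only if it is added back with `Add-AdfsCertificate`, and removing it with `Remove-AdfsCertificate` breaks any SP that has not yet been updated.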

