The token-signing cert is a self-signed cert, so during the RP integration the self-signed token-signing cert is given to the application.
These are my doubts.
1. The server communication certificate is not exchanged, but the transaction happens via HTTPS between the resource partner and the IdP.
2. During the token exchange using the token-signing cert, I would like to know if the signing algorithm is also based on the certificate or if it is mostly defaulted to SHA1 or SHA256. Is this the same algorithm that is used to encrypt the SAMLRequest?
I am also trying to find out how the signature and encryption algorithms are related to each other with certificates.