
My trading partner uses software that requires that the certificate is provided in the metadata or as a separate file.

Typical error messages include (examples shown from ADFS2):

Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: MSIS0037: No signature verification certificate found for issuer


The signing credentials cannot be resolved because signed XML does not contain a SecurityKeyIdentifier.

Step-by-step guide

By default, the Ubisecure SSO metadata contains only the public key. To enable publishing of the certificate:

  1. Edit ubilogin-sso/ubilogin/webapps/uas/WEB-INF/
  2. Add the following lines:

    # saml interoperability features
    com.ubisecure.ubilogin.uas.saml2.compatibility = MetadataCertificate

  3. Execute ubilogin-sso/ubilogin/config/tomcat/update.cmd

  4. The certificate is now available in the SAML 2.0 metadata (the link is visible on the Ubisecure SSO Management main page).

  5. If the trading partner requires the certificate in a separate .PEM file, copy the certificate to a new file and add "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" before and after the certificate.

Please note that this change is lost during system upgrades. Record this customization in your system documentation and re-apply it during the upgrade process as described in the Ubisecure SSO Installation and Upgrade document.
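
Step 5 can also be scripted. The following is an added example, not part of the original page or of Ubisecure's code: it reads the signing certificate from SAML 2.0 metadata, writes it as PEM, and fails when the metadata contains no certificate. The sample metadata, entity ID and certificate bytes are constructed placeholders, and the function name is hypothetical.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: 100 placeholder bytes that start with a DER SEQUENCE tag.
# This is not a real certificate; the entity ID is a placeholder too.
SAMPLE_DER = b"\x30\x82\x00\x60" + bytes(range(96))
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'entityID="https://sso.example.com/uas">'
    '<md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
    '<ds:X509Certificate>\n  ' + base64.b64encode(SAMPLE_DER).decode("ascii")
    + '\n</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>'
)


def metadata_certs_to_pem(metadata_xml, use="signing"):
    """Return one PEM string per certificate published for the given key use."""
    # Parse only metadata fetched from your own SSO server over a trusted channel.
    root = ET.fromstring(metadata_xml)
    pems = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without a use attribute serves signing and encryption.
        if kd.get("use", use) != use:
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            # Metadata may indent or wrap the base64 text; drop all whitespace.
            b64 = "".join((node.text or "").split())
            try:
                der = base64.b64decode(b64, validate=True)
            except binascii.Error as exc:
                raise ValueError("X509Certificate is not valid base64") from exc
            if not der.startswith(b"\x30"):
                raise ValueError("decoded data is not a DER SEQUENCE")
            # PEM body: base64 in lines of 64 characters between the markers.
            body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            pems.append("-----BEGIN CERTIFICATE-----\n" + body
                        + "\n-----END CERTIFICATE-----\n")
    if not pems:
        raise ValueError("no certificate in metadata; is MetadataCertificate set?")
    return pems
```

Write the returned string to a `.pem` file and compare its fingerprint with the trading partner over a separate channel before they import it.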
