
We are working on SAML-based SSO with Azure AD. We did all the required setup and are able to make the SAMLRequest and get the SAMLResponse on the reply URL. But the response is Base64 encoded and encrypted.

I am not able to decode the response, as it requires idpPublicKey, spPublicKey and spPrivateKey. Can someone help with how to generate these keys and configure them in Azure AD?

user2585851

2 Answers


(1) Manage certificates for federated single sign-on in Azure Active Directory (on the official Microsoft website) provides instructions on how to obtain the idpPublicKey of Azure AD and configure SSO with Azure AD.

(2) spPublicKey and spPrivateKey should be generated by your SAML SP application (NOT by the Azure AD IdP). For example, the Shibboleth SAML SP GitHub repository provides a sample spPublicKey and spPrivateKey and a SAML SP configuration example under "shibboleth-sp-testapp/shibboleth-sp/".

Another StackOverflow question, Keytool - Generate Public key in X.509 format using existing private key, provides instructions on how to use native OpenSSL commands to generate the spPublicKey and spPrivateKey for a SAML SP application.

winstonhong

You just need the idpPublicKey in order to validate the SAML response. Azure AD does not validate the SP requests.

So you do not require any SP public/private keys.

  • there is a (new?) feature to enforce signing the SAML request, so if that is enabled, SP keys are required. – strongline Nov 08 '22 at 15:16
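A quick way to settle the disagreement between the question and the two answers for a concrete response is to decode it and look at its structure: a signature needs the IdP's public cert to verify, and an EncryptedAssertion needs the SP's private key to decrypt. The following is an added example, not code from the question or either answer; it uses only the Python standard library, does no verification or decryption itself, and runs against a constructed sample response.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def decode_saml_response(b64: str) -> bytes:
    """HTTP-POST binding (what Azure AD posts to the reply URL) is plain Base64;
    HTTP-Redirect also DEFLATEs, so fall back to raw inflate if it is not XML."""
    raw = base64.b64decode(b64)
    if raw.lstrip().startswith(b"<"):
        return raw
    return zlib.decompress(raw, -15)  # -15: raw DEFLATE stream, no zlib header

def triage(b64: str) -> dict:
    """Inspect structure only: no signature verification, no decryption."""
    root = ET.fromstring(decode_saml_response(b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: " + root.tag)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    assertion = root.find("saml:Assertion", NS)
    encrypted = root.find("saml:EncryptedAssertion", NS) is not None
    # A signature may sit on the Response, on the Assertion, or on both.
    signed = root.find("ds:Signature", NS) is not None or (
        assertion is not None and assertion.find("ds:Signature", NS) is not None)
    needs = []
    if signed:
        needs.append("idpPublicKey (IdP signing cert from Azure AD metadata)")
    if encrypted:
        needs.append("spPrivateKey (SP key whose public cert was given to Azure AD)")
    return {"status": status.get("Value") if status is not None else None,
            "signed": signed, "encrypted": encrypted, "needs": needs}

# Constructed sample: a signed response carrying an encrypted assertion
# (signature and ciphertext contents elided; only the structure matters here).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_c1" Version="2.0">'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
    '</samlp:Status><ds:Signature><ds:SignedInfo/></ds:Signature>'
    '<saml:EncryptedAssertion/></samlp:Response>')
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(triage(SAMPLE_B64))
```

When the assertion is encrypted, any signature on the assertion itself is only visible after decryption with the SP private key, so `signed` can be False until that step is done.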