While learning about SAML Single Sign-On, I got to know about digital signatures because SAML SSO uses digital signature for XML files.
Example with SAML SSO
During SSO, if the identity provider successfully authenticates the user, it generates an XML document that has SAML assertions and it signs the document.
How to generate a Singing Key and Certificate
We can use OpenSSL that generates public and private keys. Public keys are also referred to as X509 Certificate.
How to use a Signing Key an Certificate to validate documents
A Signing Key (private key) will be used to sign the document. Then, the receiver can use the public key Signing Certificate (public key) that matches the Signing Key to validate the document matches the certificate. This way, a user who has public key can validate document signed with a private key.
