SSO IDP Verification certificate for verifying signature of SAML Assertion
In the Authentication Service Imported the IDP metadata containing the Root , Intermediate & Leaf certificates which in turn generated the IDP keystore containing jks. When the generated jks is listed using keytool it only had the leaf certificate & does not have the root & intermediate. So just wondering
1. Does pega uses only the leaf certificate to verify the signature of SAML assertion ? Or
2. Does pega stores the Root & Intermediate certificate in a different way & refers it along with the leaf certificate (in the generated jks) for validating the signature of SAML Assertion
While listing the certificates in a file having root, intermediate and leaf certificates using the command Keytool -v -list -keystore filename.jks , it will only list the child certificate i.e. leaf certificate and not the parent certificate i.e. Root and Intermediate certificate.