Customers must provide a valid x509 Certificate when setting up SAML SSO (http://en.wikipedia.org/wiki/X.509).
According to the SAML2.0 specification, the SAML2.0 Login Response and/or the Assertion should be signed by digital certificates. In order for SuccessFactors to verify a SAML Login Response, the X509 certificate is required from the customer. The same X509 certificate will be used to verify the signed inbound SAML2.0 Logout Response message.
Our screen in provisioning will only accept a basic txt file with
"-----BEGIN CERTIFICATE-----" [certificate detail] "-----END CERTIFICATE-----"
SuccessFactors will accept the X509 certificate in PEM or .txt format We can also extract the certificate if the customer provides their metadata.xml file.
KBA , LOD-SF-PLT , Foundational Capabilities & Tools , How To