It's possible to have both Idp-initiated and SP-initiated. Our example for .NET Core (which will be released in a few days) demonstrates that. You can have one cert pair (public key and private key). In this case both sites have to have both private and public keys. Who signs the request is the issuer.
edited 1/27/2018 2:00:45 AM
answered 1/27/2018 1:47:06 AM