:doc:`CognitoIdentityProvider <../../cognito-idp>` / Client / get_signing_certificate

***********************
get_signing_certificate
***********************



.. py:method:: CognitoIdentityProvider.Client.get_signing_certificate(**kwargs)

  

  Given a user pool ID, returns the signing certificate for SAML 2.0 federation.

   

  Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and assigns a new signing certificate annually. This renewal process returns a new value in the response to ``GetSigningCertificate``, but doesn't invalidate the original certificate.

   

  For more information, see `Signing SAML requests <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html#cognito-user-pools-SAML-signing>`__.

   

  .. note::

    

    Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

     

    **Learn more**

     

    
    * `Signing Amazon Web Services API Requests <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html>`__
     
    * `Using the Amazon Cognito user pools API and user pool endpoints <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html>`__
    

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetSigningCertificate>`_  


  **Request Syntax**
  ::

    response = client.get_signing_certificate(
        UserPoolId='string'
    )
    
  :type UserPoolId: string
  :param UserPoolId: **[REQUIRED]** 

    The ID of the user pool where you want to view the signing certificate.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Certificate': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 

      Response from Amazon Cognito for a signing certificate request.

      
      

      - **Certificate** *(string) --* 

        The x.509 certificate that signs SAML 2.0 authentication requests for your user pool.

        
  
  **Exceptions**
  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.InternalErrorException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException`

  