ComponentSpace

Forums



InitiateSSO - use the SecondaryLocalCertificate to sign authnrequest


InitiateSSO - use the SecondaryLocalCertificate to sign authnrequest

Author
Message
aheho
aheho
New Member
New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)

Group: Forum Members
Posts: 17, Visits: 65
I have 2 active certificates in my service provider configuration (LocalCertificateSerialNumber & SecondaryLocalCertificateSerialNumber). This comes in handy as when there is a need to replace a certificate, I can't expect every external Identity provider we work with to migrate to the new certificate simultaneously. This works well with Id Initiated SSO. 

However we recently started working with SP Initiated SSO. 

I'm wondering if there is any way to specify, per Identity provider, which certificate to use to sign AuthNRequest when issuing the InitiateSSO method?




ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
You can also specify the LocalCertificateSerialNumber etc on the <PartnerIdentityProvider>. This means you can configure a local certificate specifically for each partner IdP. If no LocalCertificateSerialNumber is configured for a <PartnerIdentityProvider>, the LocalCertificateSerialNumber configured for your <ServiceProvider> is used.

Please refer to the Certificate Rollover section of the Certificate Guide for more information.
https://www.componentspace.com/Forums/9349/Certificate-Guide


Regards
ComponentSpace Development
aheho
aheho
New Member
New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)New Member (22 reputation)

Group: Forum Members
Posts: 17, Visits: 65
ComponentSpace - 8/12/2019
You can also specify the LocalCertificateSerialNumber etc on the <PartnerIdentityProvider>. This means you can configure a local certificate specifically for each partner IdP. If no LocalCertificateSerialNumber is configured for a <PartnerIdentityProvider>, the LocalCertificateSerialNumber configured for your <ServiceProvider> is used.

Please refer to the Certificate Rollover section of the Certificate Guide for more information.
https://www.componentspace.com/Forums/9349/Certificate-Guide

What version was this feature introduced? We are running 2.6.0.19.



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
It was introduced in v2.6.0.0.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









ComponentSpace Forums


Search