SAML - Local certificate expires


yannis
Hi all,

Question. I have a client using Ping as their underlying SSO provider. They have set up my company as the service provider. When their users log in via SSO on our platform, they are redirected to a Ping screen to log in for their organization and then redirected back to our platform as logged-in users.

Our certificate - set up as a local certificate under local service provider configuration - is about to expire. I have a few questions.

1. I assume we need to send them our updated PEM / CER file to update their end respectively. Correct?
2. They are quite slow at doing these changes. Can we use an expired certificate for some time while the new one is updated on their end?

Thanks


ComponentSpace
In response to your questions:

1. Yes, you should supply them with a new PEM/CER file prior to your certificate expiring.

2. From our perspective you can use an expired certificate. We don't validate the certificate (i.e. check its expiry date etc.). However, I'm not sure whether Ping performs any sort of certificate validation. You would need to check with the identity provider. Hopefully their configuration supports configuring both certificates (the old and new). This makes it easier to seamlessly handle certificate rollover.

Regards
ComponentSpace Development
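
The rollover discussed in this thread, as an added C# example that is not part of either post and is not ComponentSpace code: it reports the expiry of the old and new service provider certificates, the window in which both are still unexpired, and exports only the public certificate as PEM for the identity provider. The two certificates are constructed, throwaway self-signed samples; the helper names and the 30-day warning threshold are hypothetical, and .NET 5 or later is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample data: throwaway self-signed certificates standing in for the
// service provider's current (old) and replacement (new) local certificates.
var now = DateTimeOffset.UtcNow;
var oldCert = MakeCert("sp-signing-old", now.AddYears(-2), now.AddDays(10));
var newCert = MakeCert("sp-signing-new", now.AddDays(-1), now.AddYears(2));

Console.WriteLine(Describe("old", oldCert, now));
Console.WriteLine(Describe("new", newCert, now));
Console.WriteLine($"Days in which both are unexpired: {OverlapDays(oldCert, newCert, now):F0}");
Console.WriteLine("Public certificate to send to the identity provider:");
Console.WriteLine(PublicPem(newCert));

static X509Certificate2 MakeCert(string cn, DateTimeOffset notBefore, DateTimeOffset notAfter)
{
    var rsa = RSA.Create(2048);
    var req = new CertificateRequest($"CN={cn}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    return req.CreateSelfSigned(notBefore, notAfter);
}

// The SAML library in the thread does not check expiry, so report it explicitly.
static string Describe(string label, X509Certificate2 cert, DateTimeOffset at)
{
    var notAfterUtc = cert.NotAfter.ToUniversalTime();
    var days = (notAfterUtc - at.UtcDateTime).TotalDays;
    var state = days < 0 ? "EXPIRED" : days < 30 ? "expires soon" : "ok";
    return $"{label}: {cert.Subject} thumbprint={cert.Thumbprint} notAfter={notAfterUtc:u} ({days:F0} days, {state})";
}

// Time left for the identity provider to load the new certificate before the old one expires.
static double OverlapDays(X509Certificate2 current, X509Certificate2 replacement, DateTimeOffset at)
{
    var start = replacement.NotBefore.ToUniversalTime();
    if (start < at.UtcDateTime) start = at.UtcDateTime;
    var end = current.NotAfter.ToUniversalTime();
    if (replacement.NotAfter.ToUniversalTime() < end) end = replacement.NotAfter.ToUniversalTime();
    return Math.Max(0, (end - start).TotalDays);
}

// Export only the certificate (public key); the PFX and its private key stay with the service provider.
static string PublicPem(X509Certificate2 cert)
{
    byte[] der = cert.Export(X509ContentType.Cert);
    return new string(PemEncoding.Write("CERTIFICATE", der));
}
```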