New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v2.1: Improve check_idp_cert_expiration behavior #674

Open

johnnyshields opened this issue Nov 25, 2023 · 0 comments

Collaborator

johnnyshields commented Nov 25, 2023 •

edited

Loading

The check_idp_cert_expiration should improved as follows:

If true and there are multiple IdP certs, we should skip expired IdP certs and use the first one which is not expired. We should only raise the "IdP cert expired" error if there are no non-expired certs.
If true, we should check the e not_before condition (not yet ready). Currently we only check the not_after condition (expired).

The corresponding changes for SP certs are done here: #673

FYI: I have this sort of logic already coded in my app, I will review what can be ported to RubySaml gem.

The text was updated successfully, but these errors were encountered:

johnnyshields mentioned this issue

Add sp_cert_multi to facilitate SP cert/key rotation #673

Merged

johnnyshields changed the title ~~Improve check_idp_cert_expiration behavior~~ v2.1: Improve check_idp_cert_expiration behavior

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment