Add option for SAML to validate or ignore invalid X509 Certificates #3170

Open
strehle opened this issue Nov 29, 2024 · 0 comments

strehle commented Nov 29, 2024

What version of UAA are you running?

Add option for SAML to allow or reject X509 certificates which are not valid (anymore).

How are you deploying the UAA?

I am deploying the UAA

  • locally only using gradlew
  • using a bosh release I downloaded from bosh.io
  • using cf-release
  • using cf-deployment
  • as part of a commercial Cloud Foundry distribution
  • other (please explain)

What did you do?

Set up various SAML integrations because of testing the new SAML library.

Some IdPs ignore expired X509, some do not.

UAA (test UAA) has an invalid certificate and with this the tests sometimes passed, sometimes not.

Azure/Entra has
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/howto-enforce-signed-saml-authentication#configure-saml-request-signature-verification

SAP SCI rejects

KeyCloak rejects

Okta? accepts

What did you expect to see? What goal are you trying to achieve with the UAA?

What did you see instead?

Please include UAA logs if available.
