Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v2.1: Improve check_idp_cert_expiration behavior #674

Open
johnnyshields opened this issue Nov 25, 2023 · 0 comments
Open

v2.1: Improve check_idp_cert_expiration behavior #674

johnnyshields opened this issue Nov 25, 2023 · 0 comments

Comments

@johnnyshields
Copy link
Collaborator

johnnyshields commented Nov 25, 2023

The check_idp_cert_expiration should improved as follows:

  1. If true and there are multiple IdP certs, we should skip expired IdP certs and use the first one which is not expired. We should only raise the "IdP cert expired" error if there are no non-expired certs.
  2. If true, we should check the e not_before condition (not yet ready). Currently we only check the not_after condition (expired).

The corresponding changes for SP certs are done here: #673

FYI: I have this sort of logic already coded in my app, I will review what can be ported to RubySaml gem.

@johnnyshields johnnyshields changed the title Improve check_idp_cert_expiration behavior v2.1: Improve check_idp_cert_expiration behavior Jul 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant