Allow saml auth to rotate SP certificate

Bug #1800058 reported by Robert Lyon on 2018-10-26

Bug Description

Need a system where we can create a new certificate without dropping the old certificate until all IdPs are up to date with new metadata.

Robert Lyon (robertl-9) on 2018-10-26
Changed in mahara:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Robert Lyon (robertl-9)
milestone: none → 19.04.0
Changed in mahara:
importance: High → Wishlist
Robert Lyon (robertl-9) wrote :

The patch allows one to have 2 certs in play at once and then to remove the older certificate via the Admin -> Extensions interface.

What it is lacking is to be able to create a self-signed cert that contains things like subjectAltName - due to limitations in the PHP inbuilt openssl_* functions.

What would also be good to have is the ability to paste in a cert.conf file's details and use that to make the self-signed cert (or at the very least to copy local/commandline generated cert / pem files into place).

Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit c9ec77b1cc41b0417ef282d6a1c630db97d21c5d
Author: Robert Lyon <email address hidden>
Date: Tue Oct 23 14:06:47 2018 +1300

Bug 1800058: Ability to generate new local saml cert without deleting old one

This patch:
1) adds a button to make new cert/pem without deleting old one on
plugin config page
2) have both certificates listed in metadata
3) allow the deletion of old certificate and moving new one into its


Change-Id: I12a0f65582a0198cbb5d8b55fcf77cc677088ba0
Signed-off-by: Robert Lyon <email address hidden>
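
The rollover stages in the commit message above (old certificate only, both listed, new only) can be checked from outside by reading the SP's published metadata. This is an added example, not part of the Mahara patch: the function names, the entityID and the certificate bytes are constructed placeholders, and it assumes certificates are published as `ds:X509Certificate` under `md:KeyDescriptor`.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def published_certs(metadata_xml):
    """Map SHA-256 fingerprint -> key uses for every cert the SP publishes."""
    certs = {}
    root = ET.fromstring(metadata_xml)
    for kd in root.findall(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no "use" attribute applies to both purposes.
        uses = {kd.get("use")} if kd.get("use") else {"signing", "encryption"}
        for node in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((node.text or "").split()))
            certs.setdefault(fingerprint(der), set()).update(uses)
    return certs

def rollover_state(metadata_xml, old_fp, new_fp):
    """Report which stage of the certificate rollover the metadata is in."""
    certs = published_certs(metadata_xml)
    has_old = "signing" in certs.get(old_fp, ())
    has_new = "signing" in certs.get(new_fp, ())
    return {(True, False): "old-only", (True, True): "overlap",
            (False, True): "new-only"}.get((has_old, has_new), "unknown")

# Constructed sample input: placeholder bytes stand in for DER certificates.
OLD_DER, NEW_DER = b"constructed-old-cert", b"constructed-new-cert"

def sample_metadata(blobs):
    kds = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{base64.b64encode(b).decode()}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>" for b in blobs)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            'entityID="https://sp.example.test/metadata"><md:SPSSODescriptor '
            'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f"{kds}</md:SPSSODescriptor></md:EntityDescriptor>")

if __name__ == "__main__":
    old, new = fingerprint(OLD_DER), fingerprint(NEW_DER)
    for stage in ([OLD_DER], [OLD_DER, NEW_DER], [NEW_DER]):
        print(rollover_state(sample_metadata(stage), old, new))
```

An IdP operator can run the same check against the copy of the SP metadata they have loaded: the old certificate is only safe to remove once every IdP's copy reports `overlap` or `new-only`.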

Robert Lyon (robertl-9) on 2018-11-12
Changed in mahara:
status: In Progress → Fix Committed

Thank you to SWITCH for this new feature.

tags: added: nominatedfeature
Changed in mahara:
status: Fix Committed → Fix Released