Allow saml auth to rotate SP certificate
Bug #1800058 reported by
Robert Lyon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Wishlist
|
Robert Lyon |
Bug Description
Need a system where we can create a new certificate without dropping the old certificate until all IdP's are up to date with new metadata
Changed in mahara: | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Robert Lyon (robertl-9) |
milestone: | none → 19.04.0 |
Changed in mahara: | |
importance: | High → Wishlist |
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
The patch https:/ /reviews. mahara. org/#/c/ 9254/7 allows one to have 2 certs in play at once and then to remove the older certificate via the Admin -> Extensions interface.
What it is lacking is to be able to create a self-signed cert that contains things like subjectAltName - due limitations in the PHP inbuilt openssl_* functions
What would also be good to have is the ability to paste in a cert.conf file details to use that to make the self signed cert (or at very least to copy local/commandline generated cert / pem files into place)