Update staging SAML metadata with new SAML signing certificate#1016
humphd
left a comment
Because we use the same code to build the staging and production images, and merge from main to release to do it, we should add the production version here at the same time, so it's there when we merge later.
We won't actually switch to the new production one automatically until we test and you switch things over, though.
I'm not sure if this process would work or not; that's why I did it only for non-prod to test. BTW, I made idp-metadata-dev.xml the same as idp-metadata-staging.xml as well.
humphd
left a comment
The change to the config/idp-metadata-dev.xml file will break the development setup (NOTE: we use dev to mean "local dev" vs. "staging", which I know you call "dev" so it's confusing).
Can you revert that change? The rest is good.
After that, I'll merge and we can test on the staging server to see if it works.
humphd
left a comment
Looks good. I'll merge so we can see how it behaves on staging.
Thanks,
Fantastic. Are you OK if I merge this and we try on production? Let me know when and I'll do it.
Since the SAML library can use both certificates, there was no outage when switching the active certificate.
* use client side rendering for local dates (#1014)
* Update staging SAML metadata with new SAML signing certificate (#1016)
* Update staging SAML metadata with new SAML signing certificate
* Updated idp-metadata-dev.xml and idp-metadata-production.xml
* Revert idp-metadata-dev.xml back to original
---------
Co-authored-by: Mehrdad Ziaei <mehrdad.ziaei@senecapolytechnic.ca>
---------
Co-authored-by: TheoForger <theoforger@proton.me>
Co-authored-by: mehrdadziaei <53977875+mehrdadziaei@users.noreply.github.com>
Co-authored-by: Mehrdad Ziaei <mehrdad.ziaei@senecapolytechnic.ca>
The new metadata has two certificates in it: the current active one, which expires soon, and another one that is in an inactive state in the Microsoft IdP.
We do not know how the SAML library handles multiple certificates in the metadata.
Ideally it should try both, but this needs to be tested.
After deployment, I will make the new certificate active in the Microsoft IdP and test login to see if it works.
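The question raised in the description (what an SP's SAML library should do when the IdP metadata lists two signing certificates) and the outcome reported in the thread (no outage when the active certificate was switched) come down to one piece of logic: collect every signing KeyDescriptor and accept a signature if any of them validates it. The Go program below is an added example, not code from this project, the PR, or the SAML library it uses. It builds constructed IdP metadata from two throwaway self-signed certificates, signs a payload with the newly activated key, and compares a verifier that honours only the first listed certificate against one that tries each candidate. RSA PKCS#1 v1.5 over an opaque payload stands in for SAML's XML-DSig (canonicalisation and SignedInfo handling are omitted); the entityID, certificate names and payload are placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Minimal view of IdP metadata; tags carry no namespace, so md:/ds:-prefixed elements match by local name.
type entityDescriptor struct {
	KeyDescriptors []struct {
		Use  string `xml:"use,attr"`
		Cert string `xml:"KeyInfo>X509Data>X509Certificate"`
	} `xml:"IDPSSODescriptor>KeyDescriptor"`
}

// signingCerts returns every certificate the metadata offers for signing, in document order.
func signingCerts(metadata []byte) ([]*x509.Certificate, error) {
	var ed entityDescriptor
	if err := xml.Unmarshal(metadata, &ed); err != nil {
		return nil, err
	}
	var certs []*x509.Certificate
	for _, kd := range ed.KeyDescriptors {
		if kd.Use == "encryption" { // no use attribute means both; an encryption-only key must never verify signatures
			continue
		}
		der, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(kd.Cert), "")) // metadata base64 is often line-wrapped
		if err != nil {
			return nil, err
		}
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, err
		}
		certs = append(certs, c)
	}
	return certs, nil
}

// verifyWithAny accepts a SHA-256/PKCS#1 v1.5 signature over digest if any candidate validates it, returning that certificate's subject CN for logging.
func verifyWithAny(certs []*x509.Certificate, digest, sig []byte) (string, error) {
	for _, c := range certs {
		if pub, ok := c.PublicKey.(*rsa.PublicKey); ok && rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, sig) == nil {
			return c.Subject.CommonName, nil
		}
	}
	return "", fmt.Errorf("signature matches none of the %d signing certificates in metadata", len(certs))
}

func must[T any](v T, err error) T { // panic on error: for the demo driver only, not the verification path
	if err != nil {
		panic(err)
	}
	return v
}

// keyAndCert builds a constructed stand-in for an IdP signing key and its self-signed certificate.
func keyAndCert(cn string) (*rsa.PrivateKey, []byte) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	return key, must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
}

// buildMetadata emits constructed IdP metadata that lists each DER certificate as a signing KeyDescriptor.
func buildMetadata(ders ...[]byte) []byte {
	body := ""
	for _, der := range ders {
		body += fmt.Sprintf(`<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>`, base64.StdEncoding.EncodeToString(der))
	}
	return []byte(`<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">` +
		`<md:IDPSSODescriptor>` + body + `</md:IDPSSODescriptor></md:EntityDescriptor>`)
}

// rolloverDemo models the PR: metadata lists the expiring certificate first and the new one second, then the IdP is switched to sign with the new key.
func rolloverDemo() (candidates int, firstOnlyOK, anyOK bool, matched string) {
	_, oldDER := keyAndCert("idp-expiring")
	newKey, newDER := keyAndCert("idp-new")
	certs := must(signingCerts(buildMetadata(oldDER, newDER)))
	digest := sha256.Sum256([]byte(`<samlp:Response ID="_constructed-example"/>`)) // stand-in; real SAML signs canonicalised XML-DSig SignedInfo
	sig := must(rsa.SignPKCS1v15(rand.Reader, newKey, crypto.SHA256, digest[:]))
	_, firstErr := verifyWithAny(certs[:1], digest[:], sig)
	matched, anyErr := verifyWithAny(certs, digest[:], sig)
	return len(certs), firstErr == nil, anyErr == nil, matched
}

func main() {
	n, firstOK, anyOK, cn := rolloverDemo()
	fmt.Printf("%d candidates; first-only ok=%v; any-of ok=%v (matched %q)\n", n, firstOK, anyOK, cn)
}
```

Running it prints two candidates, a failed first-only check and a successful any-of check matching idp-new, which is the behaviour that lets the IdP flip its active certificate without an SP outage once the metadata already carries both. The encryption-only filter and the whitespace stripping are the two details worth keeping when adapting this to real metadata: a KeyDescriptor with use="encryption" must not be used to verify signatures, and the base64 inside X509Certificate is frequently line-wrapped.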