From: Krzysztof B. <kb...@un...> - 2020-09-17 10:28:48
Sander,

On 16.09.2020 at 12:35, Krzysztof Benedyczak wrote:
> Hello Sander,
>
> On 15.09.2020 at 09:55, Sander Apweiler wrote:
>> Hello Krzysztof,
>> I have some further information about this issue. The KIT IdP, who
>> renews its certificate, offers at the moment two signing certificates
>> in the federation metadata. The old one and the new one. This is a
>> common way for the certificate renewal [1]. It seems that Unity only
>> supports one of them and this creates the mismatch. Unity should
>> support all certificates which are provided via the IdP metadata.

Good (well, somewhat) news here: indeed you are right - we have a bug here, in general related to handling multiple certificates per entity. It is broken in a case when multiple certificates advertised for an entity share the same DN (which is actually the common case :/). Working on a fix.

Best
Krzysztof
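
The rollover case discussed in this thread, as an added example (not Unity's code and not part of the original messages): constructed SAML metadata advertises two signing certificates with the same subject DN. A DN-keyed index, assumed here as one way such a collision can arise, keeps only one of them, while a fingerprint-keyed index keeps both. The entity ID, DN and certificate bytes are placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted metadata prefer a hardened parser

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

# Constructed sample: entity ID, DN and certificate bytes are placeholders,
# not real X.509 data. Two signing keys share one subject DN during rollover.
METADATA = f"""
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509SubjectName>CN=idp.example.org,O=Example</ds:X509SubjectName>
      <ds:X509Certificate>{_b64(b'OLD-CERT-PLACEHOLDER')}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509SubjectName>CN=idp.example.org,O=Example</ds:X509SubjectName>
      <ds:X509Certificate>{_b64(b'NEW-CERT-PLACEHOLDER')}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def signing_certs(metadata_xml: str):
    """Return (subject_dn, cert_bytes) for every signing KeyDescriptor."""
    root = ET.fromstring(metadata_xml)
    out = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # absent 'use' covers signing too
            continue
        for x509 in kd.iterfind(".//ds:X509Data", NS):
            dn = (x509.findtext("ds:X509SubjectName", "", NS) or "").strip()
            cert = x509.findtext("ds:X509Certificate", "", NS)
            out.append((dn, base64.b64decode("".join(cert.split()))))
    return out

def index_by_dn(certs):
    """Collision-prone: a later cert with the same DN replaces the earlier one."""
    return {dn: der for dn, der in certs}

def index_by_fingerprint(certs):
    """Keeps every advertised cert: the key is SHA-256 of the certificate bytes."""
    return {hashlib.sha256(der).hexdigest(): (dn, der) for dn, der in certs}
```

With the DN-keyed index, a response signed by the dropped certificate would fail validation even though the metadata advertises it; a verifier should try each certificate the metadata lists for the entity.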