The WSFed authentication process requires that the thumbprint of the signing certificate of the `wresult` XML parameter in the callback HTTP request is configured and stored in advance. There is no way to opt out of certificate validation.
In our case, the signing authority replaces their certificate every once in a while. The lifetime of a cert seems to be on the order of 3 years. When the cert is replaced, the auth in our system breaks. There is an organizational boundary between us, the consumers, and the auth provider, so making them co-ordinate their certificate rotation with us is next to impossible.
The thumbprint check should be optional.