AnsweredAssumed Answered

Aveksa SAML Authentication - Using organizational certificate ( instead of the internal self-signed certificate )

Question asked by Eyal Sperling on Jun 25, 2020
Latest reply on Jun 26, 2020 by Mostafa Helmy

Like • Show 0 Likes0
Comment • 3

During the configuration of saml authentication , one of the required steps is generation of a signing certificate

This certificate is a self-signed certificate ( with Aveksa as subject ) and has an expiration time of one year

1 ) Is it possible to use a different certificate i.e a certificate that was issued by the organization CA ?

2 ) If the answer to the question above is false - Is it possible to at least control the the expiry date of the certificate and extend it to more that 1 year ?

Thanks

Eyal

Mostafa Helmy

Jun 26, 2020 4:48 AM

Correct Answer

Though I understand your requirement here, it is not possible to use any different certificate for SAML SSO or control its expiry. It has to be the system generated certificate.

I would suggest raising an idea on RSA Ideas for RSA Identity Governance & Lifecycle for this (How to make your RSA Idea stand out!).

See the reply in context

No one else had this question

Outcomes

Ian Staines

Jun 25, 2020 11:05 AM

Can you point me to the reference document where it says "one of the required steps is generation of a signing certificate"?

Actions

Eyal Sperling @ Ian Staines on Jun 25, 2020 1:12 PM

In "IGL_7.1.1_Administrators_Guide.pdf" under "Configure the SAML Authentication Source" - It says that " you must download the X.509 certificate required for the SSO SAML authentication source “IDPCertificate” setting"

Actions

Mostafa Helmy

Jun 26, 2020 4:48 AM

Though I understand your requirement here, it is not possible to use any different certificate for SAML SSO or control its expiry. It has to be the system generated certificate.

I would suggest raising an idea on RSA Ideas for RSA Identity Governance & Lifecycle for this (How to make your RSA Idea stand out!).

Actions

3 Replies

Ian Staines Jun 25, 2020 11:05 AM
Mark Correct
Correct Answer
Can you point me to the reference document where it says "one of the required steps is generation of a signing certificate"?
Like • Show 0 Likes0
Actions
- Eyal Sperling @ Ian Staines on Jun 25, 2020 1:12 PM
  Mark Correct
  Correct Answer
  In "IGL_7.1.1_Administrators_Guide.pdf" under "Configure the SAML Authentication Source" - It says that " you must download the X.509 certificate required for the SSO SAML authentication source “IDPCertificate” setting"
  Like • Show 0 Likes0
  Actions
Mostafa Helmy Jun 26, 2020 4:48 AM
Unmark Correct
Correct Answer
Though I understand your requirement here, it is not possible to use any different certificate for SAML SSO or control its expiry. It has to be the system generated certificate.

I would suggest raising an idea on RSA Ideas for RSA Identity Governance & Lifecycle for this (How to make your RSA Idea stand out!).
Like • Show 0 Likes0
Actions

Aveksa SAML Authentication - Using organizational certificate ( instead of the internal self-signed certificate )

Outcomes

Related Content

Recommended Content