Hi all,

As an improvement, we have introduced a new validation for SP certificate expiry time in the SAML request validation flow as a fix for the issue reported in [1]. The fix is as follows [2].

We have introduced a new property called *<SAMLSPCertificateExpiryValidationEnabled>* in the identity.xml file under <SSOService>. In the master implementation, we thought of keeping it as false by default, because there is a possibility that some users may use expired certificates for their service provider, which we cannot restrict. If any client wants to validate the SP certificate expiry time, they can set this *<SAMLSPCertificateExpiryValidationEnabled>* property to "true" and enable this certificate expiry validation.

Your feedback on this is highly appreciated, if there are any concerns.

[1] https://github.com/wso2/product-is/issues/5883
[2] https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/236 and https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/237 and https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/239

Thank you!
Dinali

--
*Dinali Rosemin Dabarera*
Senior Software Engineer
IAM Domain
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : [email protected]
LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
Mobile: +94770198933
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
