On Thu, Jul 18, 2019 at 1:55 PM Dinali Dabarera <[email protected]> wrote:
> Hi all,
>
> As an improvement, we have introduced a new validation for SP certificate
> expiry time in the SAML request validation flow as a fix for the issue
> reported in [1]. The fix is as follows [2]
>
> We have introduced a new property called
> *<SAMLSPCertificateExpiryValidationEnabled>* in the identity.xml file
> under <SSOService>.
>
> In the master implementation, we thought of keeping it as false by
> default, because there is a possibility that some users may use expired
> certificates for their service provider which we cannot restrict.
>

+1 As the certificate has been configured explicitly.

> If any client wants to validate the SP certificate expiry time, they can
> make this *<SAMLSPCertificateExpiryValidationEnabled>* property "true"
> and enable this certificate expiry validation.
>
> Your feedback on this is highly appreciated, if there are any concerns.
>

Are we fixing SAML2 Bearer grant + Outbound SAML response?

Thanks,
Asela.

>
> [1] https://github.com/wso2/product-is/issues/5883
> [2] https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/236
> and https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/237
> and https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/239
>
> Thank you!
> Dinali
>
> --
> *Dinali Rosemin Dabarera*
> Senior Software Engineer
> IAM Domain
> WSO2 Lanka (pvt) Ltd.
> Web: http://wso2.com/
> Email : [email protected]
> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
> Mobile: +94770198933

--
Thanks & Regards,
Asela

Mobile : +94 777 625 933

http://soasecurity.org/
http://xacmlinfo.org/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
