Hello all,

Please does anyone have familiarity with the SAML certificate and metadata
generation process? Specifically, how to create them for an HA deployment
where users will sign in to server.onu.edu and authentication will be
performed on either server-1.onu.edu or server-2.onu.edu?

On Wednesday, September 9, 2020 at 11:02:20 AM UTC-4 Jeremiah Garmatter
wrote:
>
> Hello,
>
> I am getting close to deployment of my CAS 6.2.1 instance. I would like
> some advice on updating the idp-encryption{.crt,.key}, idp-metadata, and
> the idp-signing{.crt,.key} for my production servers.
>
> I have two servers (we'll call them server-1.onu.edu and server-2.onu.edu)
> that I would like to host as an HA cluster. I will be using DNS to send
> requests made to server.onu.edu to both server-1.onu.edu and
> server-2.onu.edu.
>
> My questions are: how should I generate the certificates and metadata for
> deployment to server.onu.edu? Previously, I let CAS auto-generate the
> certificates and metadata so I do not know the process. Would I need
> subject alt names of server.onu.edu, server-1.onu.edu and server-2.onu.edu
> or would only server.onu.edu suffice? Are there any specific fields I
> should set in my new certificate? I noticed the auto-generated .crt files
> have a SAN of DNS name and URI to server1.onu.edu/idp/metadata, how can I
> add a URI to my custom certificate and should I include both servers'
> metadata endpoints in it or just server.onu.edu's?
>
> I know there is a lot there; I appreciate you taking the time to read
> through it.
>
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
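Added example, not part of the thread and not CAS's own generation code: one way to put both a DNS name and a URI into the SAN of a self-signed certificate with OpenSSL 1.1.1 or later, and to check the result. Using only the shared name server.onu.edu, the https scheme, RSA-2048 and the 10-year lifetime are assumptions; the thread does not settle which names belong in the SAN.

```shell
#!/bin/sh
# Added example: self-signed IdP certificate with DNS and URI SAN entries,
# followed by checks that the entries and the key pair are what was intended.
set -eu

# Assumptions (not from the thread): only the shared front-end name is used,
# the metadata URI is https, and the key type and lifetime below.
IDP_HOST="server.onu.edu"
IDP_URI="https://${IDP_HOST}/idp/metadata"

make_cert() {   # $1 = output directory, $2 = base name, e.g. idp-signing
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=${IDP_HOST}" \
    -addext "subjectAltName=DNS:${IDP_HOST},URI:${IDP_URI}" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
  chmod 600 "$1/$2.key"   # private key readable by its owner only
}

san_of() {      # $1 = certificate; prints one SAN entry per line
  openssl x509 -in "$1" -noout -ext subjectAltName \
    | tail -n +2 | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

has_san() {     # $1 = certificate, $2 = exact entry such as DNS:host
  san_of "$1" | grep -Fx "$2" >/dev/null
}

key_matches_cert() {   # $1 = certificate, $2 = private key
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

OUT=$(mktemp -d)   # constructed scratch directory, not a CAS path
make_cert "$OUT" idp-signing
make_cert "$OUT" idp-encryption
san_of "$OUT/idp-signing.crt"
```

`has_san` and `key_matches_cert` can be run against existing `.crt` and `.key` files as well, for example to compare what each node of a cluster is actually serving.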