IdP Signature Certificate get expiration date through API

Hello,
I couldn’t find any documentation on how I can get the IdP Signature Certificate expiration date, except by going to the GUI and checking it from there. Ideally, I would want to get this through an API call.

I want to set up an alert for our internal teams on Expiring Signature Certificates, and I’m not sure if it can be done and how.
I’m pretty surprised that no one has asked this, and it’s nowhere to be found in the Okta documentation.

Hello,
You can get the IdP with Identity Providers | Okta Developer.
In the links section it will contain a metadata.xml URL:

...    
"_links": {
        "metadata": {
            "href": "https://{domain}.okta.com/api/v1/idps/0oa1iodsdkj123456789/metadata.xml",
            "type": "application/xml",
            "hints": {
                "allow": [
                    "GET"
                ]
            }
        },
...

This will return among other things an x509 that you can decode and check the validity date.
Note when you call the metadata.xml URL you will need to pass an API Token as well.

3 Likes

Hey Erik,
Thank you for the help, but this URL only returns my metadata file with my signing certificates, which is helpful but not what I need.
I need to get the IdP Signature Certificate expiration date.

Is it something that I can achieve through the API?

1 Like

I am looking for the same ability, and it looks like I cannot find any references to this in the API.

The only reference that I can find is an answer that it is not exposed to the API - Okta Help Center (Lightning).

Could someone from the Okta team confirm it?