IdP Signing certificate

Hello - is there a better way to manage the validity of the IdP signing certificate from the Okta admin console?

If I provided Okta IdP metadata with a DS signature validity of 4 yrs to a Service Provider, how can I restrict it or issue a new IdP cert with 2 years validity?

You can't; the IdP certificate is managed by Okta.

Thanks! How about the SaaS apps integrated with Okta, once the validity of the cert is reduced to 3 years? Should I generate new metadata and provide it to the SaaS application, or once Okta reduces the validity, does it automatically reflect in all the integrated applications?

When you create a SAML application in Okta, it provides you with an IdP metadata URL where you can always find the certificate it uses for signing/encryption. So if you want to be aware of any changes in the future, just read this URL and update your SP configuration accordingly. Also, a lot of apps/frameworks make it possible to not hard-code the IdP cert, but rather read it from the URL.
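The reply above suggests reading the IdP metadata URL and updating the SP configuration when the signing certificate changes. The script below is an added example (not code from the thread, from Okta, or from any SP framework) of what that check looks like on the SP side: it pulls every signing `KeyDescriptor` out of a SAML metadata document, fingerprints the DER certificate, reads its `notBefore`/`notAfter` with a minimal DER walk (no crypto library needed), and reports certificates the SP does not yet trust or that are close to expiry. The metadata XML and the certificate skeleton inside it are constructed stand-ins for what the metadata URL would return; `trusted_fingerprints` is assumed to be whatever store of SHA-256 fingerprints the SP keeps for the IdP certificates it currently accepts.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def _der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (used only to build the constructed sample cert)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _tlv(buf: bytes, pos: int):
    """Decode the DER TLV header at pos -> (tag, value_start, value_end)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + ln


def cert_validity(der: bytes):
    """Return (notBefore, notAfter) of an X.509 DER certificate.

    Walks Certificate -> tbsCertificate -> [0] version? serialNumber
    signature issuer validity, reading only TLV headers.
    """
    _, pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                     # optional EXPLICIT [0] version
        pos = end
    for _ in range(3):                  # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)          # validity SEQUENCE
    times = []
    for _ in range(2):
        tag, s, e = _tlv(der, pos)      # 0x17 UTCTime (YY) or 0x18 GeneralizedTime (YYYY)
        fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
        times.append(datetime.strptime(der[s:e].decode("ascii"), fmt).replace(tzinfo=timezone.utc))
        pos = e
    return times[0], times[1]


def signing_certs(metadata_xml: str):
    """DER bytes of every IdP KeyDescriptor that may be used for signing."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):   # no 'use' attr = signing and encryption
            continue
        b64 = kd.find(".//ds:X509Certificate", NS).text
        certs.append(base64.b64decode("".join(b64.split())))
    return certs


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def check_idp_metadata(metadata_xml: str, trusted_fingerprints, now: datetime, warn_days: int = 30):
    """Compare published signing certs with the SP's trust store; [] means no action needed."""
    findings = []
    for der in signing_certs(metadata_xml):
        fp, (nb, na) = fingerprint(der), cert_validity(der)
        if fp not in trusted_fingerprints:
            findings.append(f"NEW_CERT sha256={fp[:16]}... valid {nb:%Y-%m-%d} to {na:%Y-%m-%d}: update SP config")
        elif (na - now).days <= warn_days:
            findings.append(f"EXPIRING sha256={fp[:16]}... notAfter={na:%Y-%m-%d}")
    return findings


def _sample_cert(not_before: str, not_after: str) -> bytes:
    """Constructed DER skeleton with just the fields cert_validity reads (not a real cert)."""
    tbs = (_der(0xA0, _der(0x02, b"\x02"))          # [0] version v3
           + _der(0x02, b"\x01")                    # serialNumber
           + _der(0x30, b"") + _der(0x30, b"")      # signature, issuer (empty placeholders)
           + _der(0x30, _der(0x17, not_before.encode()) + _der(0x17, not_after.encode())))
    return _der(0x30, _der(0x30, tbs))


SAMPLE_CERT = _sample_cert("240101000000Z", "280101000000Z")
# Constructed metadata document standing in for the Okta IdP metadata URL response.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="urn:example:idp-placeholder">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{base64.b64encode(SAMPLE_CERT).decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(check_idp_metadata(SAMPLE_METADATA, set(), now))                       # not yet trusted
    print(check_idp_metadata(SAMPLE_METADATA, {fingerprint(SAMPLE_CERT)}, now))  # []
```

In a real deployment the XML would come from the metadata URL over HTTPS on a schedule, and a `NEW_CERT` finding is the signal to add the new fingerprint to the SP before Okta starts signing with it; keeping the old fingerprint trusted until the cutover has happened avoids a login outage during rotation.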

Thank You for the insight.
