
Samanage / Azure AD SSO certificate keys

Question asked by Todd Nickels on Feb 9, 2017
Latest reply on Sep 5, 2017 by Yum Darling

We set up the Samanage SSO via SAML that connects to Azure Active Directory per the documentation that exists here:

https://community.samanage.com/thread/1752?_ga=1.240014979.1472963012.1479499329.

 

Within the Samanage/Setup/Single Sign-On screen, our x.509 certificate (provided by Azure AD) changes and we are required to update it to enable single sign-on to work. Microsoft is changing those keys (which impacts the x.509 certificate required by Samanage) often and without notice, as documented here, and those consuming applications, namely Samanage in our case, will need to support those key changes automatically.

https://azure.microsoft.com/en-us/blog/required-practice-for-applications-integrating-with-azure-active-directory/

 

Microsoft has provided documentation on how to build and update applications that integrate and support Azure Active Directory so the certificate can be updated automatically and won’t impact the application.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-signing-key-rollover

 

I'd like to know if there is something we can do with the current setup to mitigate this issue or if there are plans with Samanage to change the way that the certs are handled so that it could deal with the automatic rollover when new keys are generated by Microsoft.

 

Thank you.
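
One way to watch for the rollover described in the question, as an added example that is not part of the original post and not Samanage's or Microsoft's code: it parses a SAML federation metadata document, lists the signing certificates the IdP currently publishes, and reports whether the certificate pasted into the service provider is still among them. The sample metadata, the base64 values (placeholders, not real certificates) and the function names are all constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder for the certificate currently configured in the SP.
CONFIGURED_CERT = "AAECAwQFBgcICQoLDA0ODw=="

# Constructed sample: an IdP publishing the old key and a newly rolled key.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.invalid/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>AAECAwQFBgcICQoLDA0ODw==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>EBESExQVFhcYGRobHB0eHw==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def fingerprint(cert_b64):
    """SHA-256 over the decoded certificate bytes, ignoring line wrapping."""
    der = base64.b64decode("".join(cert_b64.split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def signing_fingerprints(metadata_xml):
    """Return {fingerprint: base64 cert} for every signing KeyDescriptor."""
    found = {}
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            found[fingerprint(cert.text or "")] = "".join((cert.text or "").split())
    return found

def check_rollover(metadata_xml, configured_b64):
    """Compare the SP's configured certificate with the IdP's published set."""
    published = signing_fingerprints(metadata_xml)
    configured = fingerprint(configured_b64)
    return {"configured_still_published": configured in published,
            "other_published": sorted(fp for fp in published if fp != configured)}

if __name__ == "__main__":
    print(check_rollover(SAMPLE_METADATA, CONFIGURED_CERT))
```

Run on a schedule against the IdP's metadata fetched over HTTPS, a non-empty `other_published` list gives advance notice that a new signing certificate is published before the configured one stops being used, and `configured_still_published` turning false means SSO assertions will no longer validate until the certificate is updated.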
