CAS, Azure and expiring SAML cert - any issues?

[Kevin Sewell]

PUBLIC / CYHOEDDUS

Hi,

We are delegating our CAS authentication to Azure via SAML using cas.authn.pac4j.saml. We've been doing that for 3 years, without any issues.

Our Azure CAS app's SAML certificate is due to expire shortly.

 

We are planning to renew the certificate, make it active, and delete the expired one once it actually becomes expired.

 

Can I ask whether anyone has had issues after creating a new certificate for your CAS app in Azure and making it Active?

Also, do you know whether it was actually necessary to renew the certificate or did it just carry on without issues?

 

Currently running v6.5, but would appreciate your experience with any version.

Many thanks!

Kevin

[Ray Bon]

Kevin,

Here is an example of cert rollover, https://www.switch.ch/aai/guides/idp/certificate-rollover/

The expired certs will prevent log in if the applications are not broken.

Ray

On Thu, 2023-03-30 at 15:54 +0000, 'Kevin Sewell' via CAS Community wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

[Kevin Sewell]

PUBLIC / CYHOEDDUS

Thanks for the heads up Ray,

We will now remove the expiring Azure certificate shortly after successfully testing the rollover, and use the /cas/sp/idp/metadata?force=true endpoint on our CAS server whenever our Azure service’s metadata changes.

Kevin

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/58becabda6781c976c11348b3a3d22d5b22532a8.camel%40uvic.ca.