Hi Asela,

On Thu, Jul 18, 2019 at 4:49 PM Asela Pathberiya <as...@wso2.com> wrote:

> On Thu, Jul 18, 2019 at 1:55 PM Dinali Dabarera <din...@wso2.com> wrote:
>
>> Hi all,
>>
>> As an improvement, we have introduced a new validation for SP
>> certificate expiry time in SAML request validation flow as a fix for
>> the issue reported in [1]. The fix is as follows [2]
>>
>> We have introduced a new property called
>> *<SAMLSPCertificateExpiryValidationEnabled>* in the identity.xml file
>> under <SSOService>.
>>
>> In the master implementation, we thought of keeping it as false by
>> default, because there is a possibility that some users may use expired
>> certificates for their service provider which we can not restrict.
>>
>
> +1 As certificate has been configured explicitly.
>
>> If any client wants to validate the SP certificate expiry time, they can
>> make this *<SAMLSPCertificateExpiryValidationEnabled>* property to
>> "true" and enable this certificate expiry validation.
>>
>> Your feedback on this is highly appreciated, if there are any concerns.
>>
>
> Are we fixing SAML2 Bearer grant + Outbound SAML response?
>

We have not yet done that, but we have plans to add this to all SAML and OIDC flows [1], which we have not done properly.

[1] https://github.com/wso2/product-is/issues/5944

--
*Dinali Rosemin Dabarera*
Senior Software Engineer
IAM Domain
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : gdrdabar...@gmail.com
LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
Mobile: +94770198933
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture