Hi Rushmin/ Shazni,
+1 for storing the certificates in the database.
Regarding the User Experience aspect discussed above, IMHO I think it's
better to provide both the option where a user can select the file as in
uploading a file and same as allowing user to input the certificate content
into
Hi Rushmin,
The certificate should be stored in the database so that it is shared and a
restart is not needed.
+1 for the approach. There is a similar implementation[1] in the IoT server
to maintain device identity certificates of the devices for auto enrollment
flows. However, since the client
Yes. Seems both options are viable and each has its own pros and cons. I'm +1 for
either option. Just that uploading is a little more convenient at the time of
adding it. But having text has its own reason to consider it.
On Sun, Jan 7, 2018 at 11:22 PM, Rushmin Fernando wrote:
>
>
>
Hi Ruwan,
Obviously that makes sense.
I was only contemplating a situation where the DB has the incorrect certs
and the keystore has the correct one and someone getting confused why the
request fails. But this is just an edge case I suppose. If we have the
logic clearly mentioned in the
Hi Shazni,
I think we need only use the certificate in a single place. It should
validate only in DB if one is available in DB, and should not check the file
based store.
We only retain the file based store for backward compatibility.
Reasons,
1. It will be easy for the end user to update the
>
> 1) The SP UI will have a new text area to enter the certificate in PEM
> format.
Is there any specific reason to use text area here? In IDP UI, we have
an option to upload the idp cert. IMO it is better to have that option in
SP UI as well for the UI consistency.
>>>
Thanks for the explanation Rushmin. Yeah, it makes sense. +1
Thanks
Godwin
On Fri, Jan 5, 2018 at 3:30 PM, Rushmin Fernando wrote:
> Hi Godwin,
>
> IMO certificate is a first class member of a service provider. So storing
> it as a field in SP_APP is cleaner.
>
> On the
Hi Godwin,
IMO certificate is a first class member of a service provider. So storing
it as a field in SP_APP is cleaner.
On the other hand, the datatype of a certificate doesn't really go with
other metadata.
In the best case, we have to alter the metadata table to hold a VARCHAR of
like 1000
Hi Rushmin,
Any reason to use SP_APP table to persist the certificate? We have a table
called SP_METADATA for SP related metadata. I think we can use that table
without changing any DB Schema. WDYT?
Thanks
Godwin
On Fri, Jan 5, 2018 at 1:33 PM, Rushmin Fernando wrote:
>
>
>
On Fri, Jan 5, 2018 at 11:55 AM, Isura Karunaratne wrote:
> Hi Rushmin,
>
> On Fri, Jan 5, 2018 at 11:50 AM, Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi Rushmin,
>>
>> *How is this done now?*
>>>
>>> The application certificate should be imported to the
Hi Rushmin,
*How is this done now?*
>
> The application certificate should be imported to the keystore file and
> the alias should be mentioned in the service provider so that the service
> provider can validate the signature against the certificate identified by
> that alias.
>
If we have the
In the identity server, a service provider represents the application which
uses the Identity Server as an Identity Provider.
In some cases, Identity Server needs to validate the identity of the
application to make sure the authentication/authorization requests are
coming from the legitimate