Hi @Deng
The answer to this depends on how your application is configured to retrieve certificates, but it can take 48 hours for the changes to reflect. Also, if there is an issue with browser caching, you can try clearing your browser cache or using a different browser.
If your application doesn't have any validation for the certificate's expiration, and the certificate matches in both Azure Active Directory and your application, your application is still accessible despite having an expired certificate, like you mentioned.
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/tutorial-manage-certificates-for-federated-single-sign-on
If the certificate has expired, you can upload a new certificate under Your application > Single sign-on, on the Set up Single Sign-On with SAML page.
Azure AD configures a certificate to expire after three years when it is created automatically during SAML single sign-on configuration. Because you can't change the date of a certificate after you save it, you may need to create a new certificate. For steps to create the certificate, see Create a new certificate.
That said, it is difficult to fully assess this issue without more information. Can you please provide us with the specific steps you have taken to update the SSO certificate public key and other information? Additionally, can you please provide me with the metadata XML file you received from the service provider?
If you provide more details, I will be able to better assist.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.
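The answer above notes that an application which never validates certificate expiration will keep accepting an expired SAML signing certificate. The following is an added example, not part of the original answer or any Microsoft tooling: a shell check that reads the signing certificates out of a SAML metadata XML file and flags any that are expired or close to expiry. It assumes the `openssl` CLI is installed; the function names and the sample metadata it builds are constructed for illustration.

```shell
# check_saml_cert_expiry METADATA_XML [WARN_DAYS]   (hypothetical helper name)
# Exit status: 0 = all valid past the window, 1 = expired/expiring/unparseable, 2 = nothing to check.
check_saml_cert_expiry() (
  metadata=$1; warn_days=${2:-30}; status=0
  [ -r "$metadata" ] || { echo "cannot read $metadata" >&2; exit 2; }
  # <X509Certificate> holds base64 DER; strip whitespace so each value is one token.
  certs=$(tr -d ' \t\r\n' < "$metadata" |
    grep -oE '<([A-Za-z0-9_]+:)?X509Certificate>[A-Za-z0-9+/=]+' | sed 's/^[^>]*>//')
  [ -n "$certs" ] || { echo "no X509Certificate element in $metadata" >&2; exit 2; }
  for b64 in $certs; do
    pem=$(printf '%s' "$b64" | openssl base64 -d -A | openssl x509 -inform DER 2>/dev/null) ||
      { echo "UNPARSEABLE certificate entry"; status=1; continue; }
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate | cut -d= -f2)
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
      echo "EXPIRED   notAfter=$end"; status=1
    elif ! printf '%s\n' "$pem" | openssl x509 -noout -checkend $((warn_days * 86400)) >/dev/null; then
      echo "EXPIRING  notAfter=$end (within $warn_days days)"; status=1
    else
      echo "OK        notAfter=$end"
    fi
  done
  exit "$status"
)

# make_sample_metadata DAYS OUTFILE: constructed test input, a throwaway
# self-signed certificate wrapped in a minimal IDPSSODescriptor.
make_sample_metadata() (
  tmp=$(mktemp -d) || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -days "$1" -subj '/CN=constructed-sample' \
    -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null || exit 1
  b64=$(grep -v -- '-----' "$tmp/cert.pem" | tr -d '\n')
  rm -rf "$tmp"
  cat > "$2" <<EOF
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/constructed">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>$b64</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
EOF
)

# Run against a real file when one is given: sh script.sh federation-metadata.xml 30
if [ "$#" -ge 1 ]; then check_saml_cert_expiry "$@"; fi
```

Running it on the metadata held by each side (identity provider and application) shows whether both still reference the same certificate and how long it remains valid.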