ComponentSpace.SAML2.Certificates.ICertificateManager interface

Is there an example of this somewhere?

I’m afraid we don’t have an example implementation of this interface.
The default implementation covers the majority of use cases.
Could you let me know why you’d like to implement this interface?
It’s possible your requirements can be met with the existing functionality.
If that’s not the case then I can provide some example code for implementing ICertificateManager.

[quote]
ComponentSpace - Thursday, August 18, 2016
I'm afraid we don't have an example implementation of this interface.
The default implementation covers the majority of use cases.
Could you let me know why you'd like to implement this interface?
It's possible your requirements can be met with the existing functionality.
If that's not the case then I can provide some example code for implementing ICertificateManager.
[/quote]

Thank you for the help. We are looking to offer an interface where customers can upload their certificates to be stored by us. (There will be many potential IdP partners.)

Your application rather than our interface will support the uploading of customer certificates.
Will you store these certificates either on the file system or in the Windows certificate store?
If so, then the default certificate manager may be used.
You’d only ever need a custom certificate manager if certificates were stored elsewhere (e.g. in a database).

[quote]
ComponentSpace - Thursday, August 18, 2016
Your application rather than our interface will support the uploading of customer certificates.
Will you store these certificates either on the file system or in the Windows certificate store?
If so, then the default certificate manager may be used.
You'd only ever need a custom certificate manager if certificates were stored elsewhere (e.g. in a database).
[/quote]

I didn't see that manager either? We aren't sure yet, but are leaning towards a file system.

It’s the ComponentSpace.SAML2.Certificates.CertificateManager. This is the default certificate manager that’s used if no other is specified.
It supports certificates on the file system or in the Windows certificate store identified through the SAML configuration (i.e. the certificate file name, certificate serial number, etc.).

[quote]
ComponentSpace - Thursday, August 18, 2016
It's the ComponentSpace.SAML2.Certificates.CertificateManager. This is the default certificate manager that's used if no other is specified.
It supports certificates on the file system or in the Windows certificate store identified through the SAML configuration (i.e. the certificate file name, certificate serial number, etc.).
[/quote]

Thank you!

You’re welcome!

[quote]
ComponentSpace - 8/18/2016
You're welcome!
[/quote]

I know this forum topic is a bit old but I had a potentially related question:

Does ComponentSpace SAML V2.0 for .Net support multiple public certificates? We want to avoid temporary outages that occur when we update certificates...

Thoughts?

Yes. You can specify multiple certificates (up to three). This is especially useful when certificates are about to expire.
For example, as well as a LocalCertificateFile, you can specify a SecondaryLocalCertificateFile and TertiaryLocalCertificateFile.
Similarly, as well as a PartnerCertificateFile, you can specify a SecondaryPartnerCertificateFile and a TertiaryPartnerCertificateFile.

For the local certificate, signatures are always generated with the LocalCertificateFile.
If acting as a service provider and a SAML assertion is being decrypted, the decryption is attempted using the LocalCertificateFile. If that fails, the SecondaryLocalCertificateFile and then the TertiaryLocalCertificateFile are used.

For partner certificates, signatures are verified using the PartnerCertificateFile. If that fails, the SecondaryPartnerCertificateFile and then the TertiaryPartnerCertificateFile are used.

A common scenario is that a partner provider is about to roll over a certificate that will soon expire. You can configure the current certificate as the PartnerCertificateFile and the new certificate as the SecondaryPartnerCertificateFile. Once the roll over is complete, at some convenient time, you can update your SAML configuration to specify the new certificate as the PartnerCertificateFile and drop the SecondaryPartnerCertificateFile.
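
The ordered fallback described in the reply above can be sketched with the standard .NET SignedXml class. This is an added example, not code from the thread and not ComponentSpace's implementation: VerifyWithFallback, NewCert and Sign are hypothetical names, the certificates and the signed document are constructed test input, and it assumes .NET Framework 4.7.2 or later (or .NET Core with the System.Security.Cryptography.Xml package). It shows only the slot order for signature checking, not full SAML message validation.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class PartnerRolloverDemo
{
    // Hypothetical helper: try each slot in order; return the index that verified, or -1.
    static int VerifyWithFallback(XmlDocument doc, X509Certificate2[] slots)
    {
        var nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return -1;   // unsigned or ambiguous input is rejected
        for (int i = 0; i < slots.Length; i++)
        {
            var signedXml = new SignedXml(doc);
            signedXml.LoadXml((XmlElement)nodes[0]);
            // true = check the signature only; trust comes from the configured certificate
            if (signedXml.CheckSignature(slots[i], true)) return i;
        }
        return -1;
    }
    // Constructed input: a throwaway self-signed certificate standing in for a partner's.
    static X509Certificate2 NewCert(string name)
    {
        var request = new CertificateRequest("CN=" + name, RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
            DateTimeOffset.UtcNow.AddDays(30));
    }
    // Constructed input: a minimal document carrying an enveloped signature.
    static XmlDocument Sign(X509Certificate2 signer)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Message><Subject>user@example.test</Subject></Message>");
        var signedXml = new SignedXml(doc) { SigningKey = signer.GetRSAPrivateKey() };
        var reference = new Reference("");   // empty URI = the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc;
    }
    static void Main()
    {
        X509Certificate2 current = NewCert("idp-current"), next = NewCert("idp-new");
        // Slot 0 plays PartnerCertificateFile, slot 1 SecondaryPartnerCertificateFile.
        var slots = new[] { current, next };
        Console.WriteLine("current cert -> slot " + VerifyWithFallback(Sign(current), slots));
        Console.WriteLine("new cert     -> slot " + VerifyWithFallback(Sign(next), slots));
        Console.WriteLine("unknown cert -> slot " + VerifyWithFallback(Sign(NewCert("other")), slots));
    }
}
```

Logging which slot verified each message gives a simple signal for when the partner has switched to the new certificate and the old one can be dropped from the configuration.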