Web 应用程序的 Web 浏览器中的 SSL 证书与 SAML 2.0 安全证书相同吗?

发布于 2024-10-14 23:53:52 字数 642 浏览 4 评论 0原文

这可能不是一个非常聪明的问题,但我已经完成了四处寻找答案的作业,但我似乎找不到它。在这篇文章中,我对 SAML 术语的使用还很陌生,因此我将在下面定义如何使用它们。

身份验证 = 我的公司已实施 SAML,以便我们的 AD/LDAP 对我们使用的其他应用程序的所有用户进行身份验证

服务提供商 = 是提供使用 SAML 2.0 依赖于我们的 LDAP 身份验证的应用程序的公司

据我了解我们遇到的问题是。我们的 SAML 2.0 的实现中使用了一个证书,该证书很快就会过期,一旦过期,所有服务提供商都将无法进行身份验证。

我试图找出如何更改此证书,但我对 Web 浏览器用于 HTTP 的 SSL 证书感到困惑。

任何建议都会很棒。

我刚刚在以下链接中添加了一个相关问题: 过期证书将停止工作?


添加一些信息。 X509证书是我公司自签的。我的联系人告诉我他们将重新颁发相同的证书。我是否必须向 SP 发送公钥?或者我只是改变我的,对他们来说是透明的?


This might not be a very intelligent question, but I have done my homework of looking around for the answer and I cannot seem to find it. I am still to new to use SAML terms in this post, so I will define below how I am using them.

Authentication = My company has implemented SAML so that our AD/LDAP authenticates all our users to other applications that we use

Service Provider = is the company providing the application that is relying in our LDAP authentication using SAML 2.0

As I understand the problem we are having is. There is a certificate used inside the implementation of our SAML 2.0, this certificate will expire soon, and the moment it does all Service Providers will be unable to authenticate.

I am trying to find out were/how to change this certificate, but I am getting confuse with the SSL certificate that the web browser uses for HTTP.

Any suggestions will be great.

I just added a related question in the following link: Expiring Certificate will stop working?


Adding some information. The X509 Certificate was self-signed by our company. My contact told me that they will re-issue the same certificate. Will I have to send a public key to the SPs? Or I just change mine, and is transparent for them?


如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

悲欢浪云 2024-10-21 23:53:52

“SSL 证书”一词是有缺陷的。 X.509 证书在 SSL 出现之前就已存在,并且与 SSL 无关。它们在 SSL 中使用,但这只是用途之一。

您需要找出原始证书是什么以及哪个证书颁发机构颁发了它(或者它是自签名证书)。然后,您可以进一步获取或创建新证书(或重新颁发当前证书)。

更新:如果证书是自签名的,那么其他方可能会将其明确添加到受信任的证书列表中以便接受它。因此,还应该明确添加重新颁发的证书(IOW,您需要将公共部分发送给其他方)。

The term "SSL certificate" is flawed. X.509 certificates existed before SSL appeared, and they are not related to SSL. They are used in SSL, but this is just one of the uses.

You need to find out what the original certificate is and what certificate authority issued it (or it is a self-signed certificate). Then you can move further in getting or creating a new certificate (or reissuing the current one).

Update: if the certificate is self-signed, then the other parties probably added it to trusted certs list explicitly in order to accept it. So the re-issued certificate should also be added explicitly (IOW you'd need to send the public part to other parties).

几味少女 2024-10-21 23:53:52

@Geo - 您的 SAML 实施证书是自签名(也称为自颁发)还是由第三方证书颁发机构签名?另外,您使用什么产品作为 SAML 身份提供商?你知道原图是怎么生成的吗?

@Geo - is your cert for your SAML implementation self-signed (aka self-issued) or signed by a 3rd Party Cert Authority? Also, what product are you using as your SAML Identity Provider? Do you know how the original was generated?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文