SimpleSAML "Unable to validate Signature" error
Today, June 23rd, 2022, we are experiencing a mysterious phenomenon that I simply cannot see myself out of.
We are a software company where our customers use Azure AD as a login method using SimpleSAML.
This means that these are different websites with different associated Azure ADs.
Today, we have seen that 7 different sites, incl. one of our own, got the error:
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Caused by: Exception: Unable to validate Signature
The above is solved with a refresh of the metadata, and the pages are live again without any problems.
No certificates are due to expire, and the earliest will not expire until 2023.
I cannot find any global issue with Microsoft or Azure, and our setup has been working fine for so long, and with the refresh of metadata, it's working again.
Does anyone have any clue on what could be the issue? It just seems strange that there are 7 different websites, with different Azure setups and different metadata, that experience this kind of issue on the same day, within 8 hours of each other.
Beware that we are running a daily cronjob to ensure metadata is refreshed.
Comments (1)
Microsoft products automatically perform rollover for their certificates. So it can be that the parties you interface with automatically rolled over to new certificates. Refreshing the metadata explains why that solved the problem.
ADFS/AD will have the old and new certificate both in metadata for a while before the old one is invalidated, so periodic refresh should work to keep the service working without downtime.