
Auto Update Certificates


chathway

We have a single SSO profile configured for Azure AD. In Azure AD we have 3 apps for Hornbill SSO (Admin, User, & Service), all configured for https://*.hornbill.com/*?metadata=hornbill|ISV9.2|primary|z.

We would like to enable "Auto Update Certificates" in the Hornbill SSO profile; however, there is only one configuration for the metadata URL. We would need 3 of these for the 3 Azure app instances (each one contains the signing cert's thumbprint for the instance).

Could this be added?

In the case of Azure AD, the base URL for the metadata is always the same, https://login.microsoftonline.com/TENANT_ID/federationmetadata/2007-06/federationmetadata.xml, and a parameter on the end of the URL, ?appid=APPID_GUID, is used to select the correct metadata.

@Gerry support mentioned you might be best to help on this ;)


Hi

Can you confirm if each of the apps' metadata on Azure has a different signing certificate and the rest of the metadata is the same across each of the apps? How do you configure this currently in Hornbill? I presume you cannot be using the metadata URL and are importing the signing certificates from the 3 apps manually into the SSO profile in Hornbill.

Thanks

Trevor 


Yes, it's the same Entity ID, HTTP-Redirect and HTTP-Post address; just each app's metadata has a different signing cert.

We can import one of the apps (e.g. user) from the metadata URL and that will bring in its signing cert; however, the signing certs for the other apps need to be uploaded manually.

Thanks

Chris
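
The setup discussed in this thread, as an added example (not code from Hornbill, Microsoft or any poster): one metadata URL per app built from the base URL and `?appid=` parameter quoted above, with the signing certificates from each app's metadata merged into one trust set after checking that all apps share a single entityID. The function names, the sample entityID and the placeholder certificate bytes are constructed for illustration; thumbprints are computed as the SHA-1 of the DER certificate, which is how Azure displays them.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for live, fetched metadata prefer a hardened parser such as defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BASE = "https://login.microsoftonline.com/{tenant}/federationmetadata/2007-06/federationmetadata.xml"

def metadata_url(tenant_id, app_id):
    # Same base URL for every app; ?appid= selects that app's metadata.
    return BASE.format(tenant=tenant_id) + "?appid=" + app_id

def signing_certs(metadata_xml):
    """Return (entityID, {SHA-1 thumbprint: DER bytes}) for the IdP signing keys."""
    root = ET.fromstring(metadata_xml)
    certs = {}
    for kd in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # skip encryption-only keys
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(node.text.split()))
            certs[hashlib.sha1(der).hexdigest().upper()] = der
    return root.get("entityID"), certs

def merge_signing_certs(metadata_by_app):
    """Union the signing certs of several apps; refuse if entityIDs differ."""
    entity_ids, merged = set(), {}
    for app, xml_text in metadata_by_app.items():
        entity_id, certs = signing_certs(xml_text)
        entity_ids.add(entity_id)
        for thumbprint in certs:
            merged.setdefault(thumbprint, []).append(app)
    if len(entity_ids) != 1:
        raise ValueError(f"apps do not share one entityID: {sorted(entity_ids)}")
    return entity_ids.pop(), merged

def _sample(cert_bytes):
    # Constructed metadata; the "certificate" is placeholder bytes, not real X.509.
    b64 = base64.b64encode(cert_bytes).decode()
    return (f'<EntityDescriptor xmlns="{NS["md"]}" entityID="https://sts.example/TENANT_ID/">'
            f'<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'<KeyDescriptor use="signing"><KeyInfo xmlns="{NS["ds"]}"><X509Data>'
            f'<X509Certificate>{b64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
            f'</IDPSSODescriptor></EntityDescriptor>')

SAMPLES = {app: _sample(f"constructed-cert-{app}".encode()) for app in ("admin", "user", "service")}

if __name__ == "__main__":
    print(merge_signing_certs(SAMPLES))
```

Comparing the merged thumbprints against the set currently trusted in the SSO profile shows when any one of the apps has rolled its signing certificate.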
