mirror of
https://github.com/zitadel/zitadel.git
synced 2025-06-10 17:38:34 +00:00

# Which Problems Are Solved

Certificates created for a SAML IdP (used for metadata and request signing) did not have any validity set. While it's not required for SAML, when trying to import the certificate into a (keychain) tool it might fail.

# How the Problems Are Solved

The validity is set based on the `CertificateLifetime` set in the runtime config.

## After the fix:

If an IdP was created with a certificate without validity, an admin can regenerate the certificate:

- for instance wide IdPs: https://zitadel.com/docs/apis/resources/admin/admin-service-regenerate-saml-provider-certificate#regenerate-saml-identity-provider-certificate
- for organization specific IdPs: https://zitadel.com/docs/apis/resources/mgmt/management-service-regenerate-saml-provider-certificate#regenerate-saml-identity-provider-certificate

Due to the new certificate, the metadata will change and will need to be updated at the external IdP.

# Additional Changes

Additionally the `CertificateSize` instead of the `Size` (used for keys) is used for generating the certificate, resp. the underlying key pair.

# Additional Context

- noted by a customer
- needs backports

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
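The defect and the fix described in the commit message above, shown as an added illustration in Go that is not ZITADEL's own code: a self-signed SAML signing certificate is generated with an explicit validity window derived from a lifetime and a key size (the constants `certificateLifetime` and `certificateSize` below are assumed stand-ins for the runtime config values the message names, not the project's real defaults), and a check reports certificates whose validity was never set, which is what an operator would run over existing IdP certificates to decide whether regeneration is needed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assumed stand-ins for the runtime config values named in the commit
// message (CertificateLifetime, CertificateSize); the real values differ.
const (
	certificateLifetime = 24 * time.Hour // assumed lifetime
	certificateSize     = 2048           // assumed RSA key size in bits
)

// generateSAMLCertificate builds a self-signed certificate for SAML metadata
// and request signing. NotBefore/NotAfter are always populated from the
// lifetime, which is the behaviour the fix introduces.
func generateSAMLCertificate(subject string, lifetime time.Duration, keyBits int) (*x509.Certificate, *rsa.PrivateKey, error) {
	if lifetime <= 0 {
		return nil, nil, fmt.Errorf("certificate lifetime must be positive, got %s", lifetime)
	}
	// The certificate's key pair is sized from the certificate key size,
	// not from the size used for other keys.
	key, err := rsa.GenerateKey(rand.Reader, keyBits)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	now := time.Now().UTC().Truncate(time.Second) // X.509 times carry second resolution
	template := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             now,
		NotAfter:              now.Add(lifetime),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// checkValidity reports whether a certificate carries a usable validity
// window: both bounds set and NotAfter strictly after NotBefore. A
// certificate issued without validity, as in the defect above, is rejected.
func checkValidity(cert *x509.Certificate) error {
	if cert.NotBefore.IsZero() || cert.NotAfter.IsZero() {
		return fmt.Errorf("certificate %q has no validity period set; regenerate it", cert.Subject.CommonName)
	}
	if !cert.NotAfter.After(cert.NotBefore) {
		return fmt.Errorf("certificate %q has NotAfter %s not after NotBefore %s",
			cert.Subject.CommonName, cert.NotAfter.Format(time.RFC3339), cert.NotBefore.Format(time.RFC3339))
	}
	return nil
}

func main() {
	cert, _, err := generateSAMLCertificate("saml-idp-signing", certificateLifetime, certificateSize)
	if err != nil {
		panic(err)
	}
	fmt.Printf("valid from %s until %s\n", cert.NotBefore.Format(time.RFC3339), cert.NotAfter.Format(time.RFC3339))
	if err := checkValidity(cert); err != nil {
		panic(err)
	}
	// A certificate structure with the validity left unset, as the old code
	// produced, fails the same check.
	broken := &x509.Certificate{Subject: pkix.Name{CommonName: "legacy-idp-cert"}}
	fmt.Println("legacy certificate:", checkValidity(broken))
}
```

After regenerating, the IdP's metadata carries the new certificate, so the check is only half of the operational step; the metadata still has to be re-exchanged with the external IdP as the message notes.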