IdP Certificate Validity Check
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | identitycenter-idp-certificate-expiration-check |
| Identifier | IdP Certificate Validity Check |
| Description | If the remaining validity period of a SAML-based IdP certificate is less than the specified period, this certificate is non-compliant. |
| Tag | identitycenter |
| Trigger Type | Configuration change |
| Filter Type | identitycenter.idp |
| Rule Parameters | daysToExpiration: the number of days before the certificate expires. The default value is 90. |
Application Scenarios
IAM Identity Center supports identity federation with Security Assertion Markup Language (SAML). IAM Identity Center adds SAML IdP capabilities to either your IAM Identity Center identity store or external identity provider (IdP) applications. Users can then use single sign-on to access services that support SAML, including the Huawei Cloud console and third-party applications. You may need to import certificates periodically to rotate invalid or expired certificates issued by your identity provider. This helps prevent authentication disruption or downtime. The process of replacing old certificates with new ones is called certificate rotation.
Solution
Replace the certificate when it is about to expire. For details, see Rotating a Certificate.
Rule Logic
- If the remaining validity period of a SAML-based IdP certificate is less than the specified period, this certificate is non-compliant.
- If the remaining validity period of a SAML-based IdP certificate is longer than the specified period, this certificate is compliant.
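The rule logic above, worked through offline as an added example (not Huawei Cloud Config's own implementation): the notAfter time is read from the base64 DER certificate as it is carried in SAML metadata, the remaining days are compared against daysToExpiration (default 90), and a constructed certificate skeleton with a fixed evaluation time SAMPLE_NOW stands in for a real IdP certificate. The equal-to-threshold case is not stated on the page and is treated as compliant here; that is an assumption.

```python
import base64
from datetime import datetime, timedelta, timezone
def _tlv(der, pos):  # decode one DER tag+length at pos -> (tag, value_start, value_end)
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:                                     # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _children(der, start, end):  # yield the TLVs that make up a SEQUENCE body
    while start < end:
        tlv = _tlv(der, start)
        yield tlv
        start = tlv[2]

def not_after_from_der(der):  # notAfter (UTC) of an X.509 DER certificate, RFC 5280 field order
    _, tbs_pos, _ = _tlv(der, 0)                          # Certificate ::= SEQUENCE
    _, start, end = _tlv(der, tbs_pos)                    # tbsCertificate ::= SEQUENCE
    fields = list(_children(der, start, end))
    if fields[0][0] == 0xA0:                              # optional [0] EXPLICIT version
        fields = fields[1:]
    validity = fields[3]                                  # serialNumber, signature, issuer, validity
    tag, vs, ve = list(_children(der, validity[1], validity[2]))[1]   # second Time = notAfter
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"         # UTCTime / GeneralizedTime
    return datetime.strptime(der[vs:ve].decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def evaluate(cert_b64, days_to_expiration=90, now=None):
    """Rule logic: fewer remaining days than daysToExpiration (default 90) is non-compliant."""
    now = now or datetime.now(timezone.utc)
    remaining = (not_after_from_der(base64.b64decode(cert_b64)) - now).days
    # the page does not state the equal case; it is treated as compliant here (assumption)
    return ("non-compliant" if remaining < days_to_expiration else "compliant"), remaining

# --- constructed sample input: a certificate skeleton, not a real IdP certificate ---
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)   # fixed evaluation time for reproducibility
def _der(tag, body):  # encode one short-form DER TLV (enough for the sample)
    assert len(body) < 128
    return bytes([tag, len(body)]) + body
def sample_cert_b64(days_left):
    """Base64 DER certificate (as in SAML metadata) expiring days_left days after SAMPLE_NOW."""
    not_after = SAMPLE_NOW + timedelta(days=days_left)
    utc = lambda t: _der(0x17, t.strftime("%y%m%d%H%M%SZ").encode())
    tbs = _der(0x30, b"".join([
        _der(0xA0, _der(0x02, b"\x02")),                  # [0] version v3
        _der(0x02, b"\x01"),                              # serialNumber
        _der(0x30, b""), _der(0x30, b""),                 # signature, issuer (placeholders)
        _der(0x30, utc(not_after - timedelta(days=365)) + utc(not_after)),  # validity
        _der(0x30, b""), _der(0x30, b""),                 # subject, subjectPublicKeyInfo (placeholders)
    ]))
    cert = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))  # + signatureAlgorithm, signatureValue
    return base64.b64encode(cert).decode()
```

Calling `evaluate(sample_cert_b64(59), now=SAMPLE_NOW)` returns `("non-compliant", 59)` with the default threshold, and `("compliant", 59)` when daysToExpiration is lowered to 30.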