Closed flcno closed 1 month ago
We determined the issue with updating the SAML certificate. Our IDP (Azure) was maintaining the old cert in the Federated XML metadata that we were uploading to the cal.com SAMLConnection.tsx component on the front end.
We had to delete the inactive cert before downloading the XML, or remove the x509 cert manually from the XML to keep the inactive certs available in Azure portal.
Issue Summary
We are currently self-hosting cal.com on version 4.2.3. We are utilizing the cal.com web and api apps and hosting using Kubernetes containers and AWS. We have set up SAML login functionality on all our environments successfully and have been using it for users to authenticate with Azure as the IdP. We used the SAML admin user to add our new certificate when setting up SAML initially. Code reference: SAMLConnection.tsx
This all worked fine once we configured the Azure SAML connection properly to provide cal.com with the right information to authenticate and complete the callback to cal.com web in the right environment.
However, we recently needed to update the SAML certificate and we encountered some issues. When adding the SAML certificate using the saml admin user and navigating the SAML configuration component in cal.com web, it doesn't seem to update properly.
Attempting to log in after we update the SAML certificate loops back to the login page with this URL: https://.org/auth/login?callbackUrl=https%3A%2F%2F[self-hosted-domain] .org%2Fauth%2Flogin&error=Callback
We noticed that our SAML connection no longer worked and it states our signature is invalid.
A potentially relevant error:
Steps to Reproduce
SAML_ADMIN user
Expected behavior
Once the new certificate is activated in the idp (Azure), I'd expect the cal.com self-hosted application to update SAML certificate correctly and work with the new certificate.