cityofaustin / atd-data-tech

Austin Transportation Data & Technology Services

Standardize Self-Signed Certificates Across all Knack Apps #286

Closed johnclary closed 3 years ago

johnclary commented 5 years ago

We have different self-signed x509 certificates in our Knack apps that use SAML/ADFS login. That's my bad. There are a number of problems here:

To do this we need to provide the CTM ADFS team (currently John Dykowski) with our latest cert (see the docs here). At the same time, we will need to install the certificate across all our Knack apps.

This will have to be carefully planned, because users will be unable to login if our certs are not updated in the Knack applications and ADFS provider at the same time.

Current apps with ADFS:

These apps have already been configured with the same certificate that is currently in 1Password. They do not need to be modified:

johnclary commented 5 years ago

I'd like to get this done in Sprint 3, because we have a potential login outage looming when our Data Tracker cert expires (I am 90% sure it's valid for 10 years, but I can't find my notes on the G drive).

johnclary commented 5 years ago

Since this process also involves moving things to the new Azure ADFS, John D went ahead and configured these. So they're ready to go; we just need to update the Knack configs with the new certs and match the metadata config that is in the Signs & Markings app. Will start with the DTS portal, and if all goes well will update Finance & Purchasing and Data Tracker after hours. No service interruption is expected.

johnclary commented 3 years ago

At this point the majority of our apps should be using the same self-signed cert on the Azure AD. We will review the status of all certs in all Knack apps with COACD enabled when we plan for our annual certificate renewal. We have a calendar reminder set for May 31st to begin this process.

johnclary commented 3 years ago

See #6524.