wso2 / product-is


SAML IDP connection template does not have an option to get the public certificate. #18020

Open sadilchamishka opened 10 months ago

sadilchamishka commented 10 months ago

Describe the issue:

When onboarding a SAML IDP connection, the public certificate of the Identity Server should be shared with the external IDP. The current SAML IDP connection template doesn't have an option to download/get the public certificate.

Ideally, the public certificate of the IS should be downloadable from the SAML connection template to improve the user experience.

Expected behavior:

A kind of view (only the certificate) which can be seen in the SAML App info tab should be available for the SAML connection.



pavinduLakshan commented 9 months ago

In SAML applications, the IdP certificate is retrieved from GET /identity/metadata/saml2 [1][2]. We should call the same endpoint and show an option in the IDP UI to download the certificate.

[1]

```shell
curl 'https://localhost:9443/t/carbon.super/identity/metadata/saml2' \
  -H 'Access-Control-Allow-Origin: https://localhost:9001/t/carbon.super/console' \
  -H 'Accept: application/json' \
  -H 'Referer;' \
  -H 'Authorization: Bearer 3d2a15ec-959e-3ae4-a26a-54062e37179a' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36' \
  --compressed \
  --insecure
```

[2] Screenshot 2023-12-02 at 10:42:12

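As an added example (not WSO2 code), this shows what a "download certificate" action built on the metadata endpoint in [1] has to do: pull the signing certificate out of the SAML 2.0 metadata XML, write it as PEM for the external IdP, and print a fingerprint the admin can compare against. The metadata document and the certificate bytes are constructed samples, not output of any real deployment.

```python
"""Extract the IdP signing certificate from SAML 2.0 IdP metadata (added example)."""
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed minimal metadata in the shape the saml2 metadata endpoint returns.
# The X509Certificate body is base64 of a placeholder string, not a real certificate.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="localhost">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        TUlJQ1BMQUNF
        SE9MREVS
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def signing_certificates(metadata_xml: str) -> list[str]:
    """Return the base64 DER bodies of all IdP certificates usable for signing."""
    root = ET.fromstring(metadata_xml)  # ElementTree does not resolve external entities
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # Per the metadata schema, a KeyDescriptor with no 'use' covers both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append("".join((cert.text or "").split()))  # strip XML whitespace/newlines
    return certs


def to_pem(cert_b64: str) -> str:
    """Re-wrap the base64 DER at 64 columns inside PEM armour; rejects corrupted base64."""
    der = base64.b64decode(cert_b64, validate=True)
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def sha256_fingerprint(cert_b64: str) -> str:
    """Colon-separated SHA-256 fingerprint of the DER, for out-of-band verification."""
    digest = hashlib.sha256(base64.b64decode(cert_b64, validate=True)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    for c in signing_certificates(SAMPLE_METADATA):
        print(to_pem(c), "SHA-256:", sha256_fingerprint(c))
```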
pavinduLakshan commented 9 months ago

Marking as on hold as this is not currently a critical requirement.

EDIT: Currently a user can create a SAML app, download the IdP certificate from its info tab and use it to configure their external identity provider. Hence, marked as non-critical and on-hold.

chamathns commented 9 months ago

> Marking as on hold as this is not currently a critical requirement.

This is not a new feature. We cannot break/remove any feature (unless it's deprecated) that we already had.

aaujayasena commented 8 months ago

Based on this comment https://github.com/wso2/product-is/issues/18020#issuecomment-1837051387, removing the on-hold label. @pavinduLakshan

kayathiri4 commented 7 months ago

If a user wants to configure Asgardeo as an external OIDC IDP, currently there is no way to download the public certificate from the OIDC application created on the Asgardeo side.