Hi Goutham,
Usually, a signed assertion will bring the certificate with it. That said,
with the Fiddler tool, you can get the assertion. Many times it will be the
value of the SAMLResponse. Note that the value of the SAMLRequest can
also bring a certificate if you have configured the request to be
signed. If you can decode the assertion, then you'll get access to the
certificate, which you can make human readable to see the expiration
date. So the Policy Server will check that the one it has in its
Certificate Data Store is the same as the one present in the
assertion.
There are many tools to decode the assertion. If the assertion is in
the SAMLResponse, then you first need to URL-decode it:
https://meyerweb.com/eric/tools/dencoder/
Then, you'll need to base64 decode the assertion to get the value and
the certificate. One of these tools is this one:
https://www.samltool.com/decode.php
Finally, with OpenSSL, you can decode the certificate you'll find in
it:
openssl x509 -in cert.crt -text -noout
But in your idp-certificate expire casestudy.saz, no assertion is
visible. So you need to set the full tracing on the Policy Server
profiler in order to see which certificate is in use (alias) for that
transaction, and then check the content of it using AdminUI for
example.
I hope this helps,
Best Regards,
Patrick
Original Message:
Sent: 10-12-2019 05:51 AM
From: goutham reddy A
Subject: SAML signing certificate Expire - HTTP DEBUG TOOLS
Hi All,
Could anyone let me know if it's possible to identify/check SAML signing certificate expiry details from any HTTP debug tools like Fiddler?
- In my case, my certificate has expired at the IdP end and I am getting a 500 error at the browser level.
- For reference attached fiddler trace.
- smps.log
- [10/12/2019][17:26:33][][Failed to Sign Assertion. Unmatched braces in the pattern.][][][][][][][][][1944][140298973857536][][]
Just want to know, without checking logs, whether it is possible to know the expiry details of the SAML certificate from the browser itself.
------------------------------
Regards,
Gowtham.
------------------------------
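
The decoding steps from the reply above (URL-decode, base64-decode, read the certificate's expiration date), as an added Python example that is not part of the original thread. All function names are hypothetical, the sample value is a constructed certificate skeleton rather than a real certificate, and the redirect_binding flag covers values captured from a URL query string, which are also DEFLATE-compressed.

```python
import base64
import re
import zlib
from datetime import datetime, timezone
from urllib.parse import quote, unquote

def certs_from_saml(param, redirect_binding=False):
    """URL-decode + base64-decode a SAMLResponse/SAMLRequest value and
    return the DER bytes of each embedded <X509Certificate>."""
    raw = base64.b64decode(unquote(param))
    if redirect_binding:  # values taken from a query string are also DEFLATE-compressed
        raw = zlib.decompress(raw, -15)
    # Regex rather than an XML parser: the input is untrusted and one element is needed.
    found = re.findall(r"<(?:[\w.-]+:)?X509Certificate>([^<]+)<", raw.decode("utf-8"))
    return [base64.b64decode(b64) for b64 in found]

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Walk Certificate -> tbsCertificate -> validity and return notAfter (UTC)."""
    _, p, _ = _tlv(der, 0)           # Certificate SEQUENCE
    _, p, _ = _tlv(der, p)           # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, p)
    if tag == 0xA0:                  # optional [0] version
        p = end
    for _ in range(3):               # serialNumber, signature, issuer
        _, _, p = _tlv(der, p)
    _, p, _ = _tlv(der, p)           # validity SEQUENCE
    _, _, p = _tlv(der, p)           # skip notBefore
    tag, start, end = _tlv(der, p)   # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:                  # UTCTime: YY >= 50 means 19YY, else 20YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def sample_param(redirect_binding=False):
    """Constructed sample, not a real certificate: only the fields up to validity."""
    t = lambda tag, body: bytes([tag, len(body)]) + body
    validity = t(0x30, t(0x17, b"190101000000Z") + t(0x17, b"191012000000Z"))
    tbs = t(0x30, t(0xA0, t(2, b"\x02")) + t(2, b"\x01") + t(0x30, b"") * 2 + validity)
    xml = "<ds:X509Certificate>%s</ds:X509Certificate>" % base64.b64encode(t(0x30, tbs)).decode()
    data = zlib.compress(xml.encode())[2:-4] if redirect_binding else xml.encode()
    return quote(base64.b64encode(data), safe="")
```

On a real capture, the DER bytes returned by certs_from_saml can be written to a file and cross-checked with openssl x509 -inform DER -in cert.der -noout -enddate.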