
I have a query regarding the certificate used by IBM AppId to sign SAML requests. I believe this certificate is self-signed by the tenant's (AppId tenant) private key and is auto-generated by AppId when 'signRequest' is set to true in the IDP metadata. Please confirm my understanding.

A follow-up question: is there an API which I can use to update this certificate? Let's say the IDP organization expects signed CA certs attached to a valid domain name. I only found an API to GET the AppId SAML metadata; no update API was found that could be used to provide signing certificates to the service provider (AppId). Please let me know.

I have seen that the CN name of the certificate generated by AppId has the below CN configuration: subject=C = US, ST = New York, L = Armonk, O = International Business Machines Corporation, OU = IBM Cloud and Cognitive Software, CN = IBM Cloud App ID

  • Are you referring to this API? https://cloud.ibm.com/apidocs/app-id/management#update-saml-idp-configuration Please update your question with links to your doc sources – data_henrik Aug 10 '20 at 09:51
  • That's the API to update IDP metadata within AppId. Is there a corresponding API to update AppId (service provider) metadata, so that I can provide a different certificate which will be used by the IDP to validate the signed request? The documentation source I am referring to is at https://cloud.ibm.com/docs/appid?topic=appid-enterprise – PiFi Aug 12 '20 at 06:02
  • I don't understand your question. Could you provide more details and add them to your question? Do you want to update certificates used for the SAML provider or for something else? – data_henrik Aug 12 '20 at 07:07

1 Answer

Your understanding is correct: the signing certificate is auto-generated by App ID when signRequest is set to true. There is not a way for a user to update it.