Hello,
Here are details of these attributes and some recommendations for how to update them with the management API.
signingCert is the base64 encoded version of the certificate which you want to update for the SAML connection. With a quick test with https://www.base64encode.org/ I can get the same encoded certificate when I select UTF-8 as the destination character set and CRLF as the destination new line.
cert is the decoded (clear text) version of the certificate which you upload from the dashboard.
expires is the Validity - Not After attribute in the certificate.
subject is the Subject attribute in the certificate.
thumbprints is the certificate’s thumbprint which you may also calculate with a tool like openssl. It is stored without colons on the Auth0 side.
E.g.
"thumbprints": [
"4e66c2188bd0635cb736b42914e585af6d08620b"
],
openssl x509 -in saltukalakus.cer -fingerprint -noout
SHA1 Fingerprint=4E:66:C2:18:8B:D0:63:5C:B7:36:B4:29:14:E5:85:AF:6D:08:62:0B
You will only need to update the signingCert using the management API; the rest of the above attributes are automatically generated. So here are the steps:
1- Encode your certificate with base64.
2- Use signingCert attribute in the options object to modify the connection with the encoded certificate from step-1.
3- Read the thumbprints attribute from the management API response and check it with your calculated fingerprint to make sure that operation completed successfully.
Also, please note that, for an existing connection, if you need to update the signingCert with the management API, existing attributes in the options object should be used while making the patch request, otherwise they will be lost. For the following attributes, though, you can remove them safely, e.g. cert, expires, subject, thumbprints, as they will be recalculated and updated with the new signingCert attribute.
So the actual flow should be like this for an existing connection:
1- Read the connection configuration with the management API.
2- Extract the options section.
3- Remove cert, expires, subject, thumbprints from the extracted options object.
4- Calculate the new base64 encoded certificate and add it as signingCert in the options. So you will have something like in this link in step 4.
5- Use this as the payload to modify the connection.
6- Get the calculated thumbprint and compare it with the calculated digest to make sure that everything is as expected.
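
The flow above for an existing connection, as an added example that is not part of the original post: it builds the patch payload from the connection read in step 1 and checks the returned thumbprints in step 6. The HTTP calls to the management API are left out; the function names and sample values are constructed for illustration, and dropping the trailing newline before encoding is an assumption.

```python
import base64
import hashlib

DERIVED = ("cert", "expires", "subject", "thumbprints")  # recalculated by Auth0
PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"

# Constructed sample input: placeholder bytes in a PEM wrapper, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = "\n".join([PEM_BEGIN, base64.b64encode(SAMPLE_DER).decode("ascii"), PEM_END, ""])
# Constructed sample of a connection as read back in step 1.
SAMPLE_CONNECTION = {"options": {
    "signInEndpoint": "https://idp.example.test/sso",
    "signingCert": "b2xk", "cert": "old", "expires": "old", "subject": "old",
    "thumbprints": ["0" * 40],
}}


def pem_to_der(pem_text):
    """Decode the base64 body between the PEM markers into DER bytes."""
    start = pem_text.index(PEM_BEGIN) + len(PEM_BEGIN)
    end = pem_text.index(PEM_END, start)
    return base64.b64decode("".join(pem_text[start:end].split()))


def sha1_thumbprint(pem_text):
    """SHA-1 of the DER bytes, as lowercase hex without colons."""
    return hashlib.sha1(pem_to_der(pem_text)).hexdigest()


def encode_signing_cert(pem_text):
    """Base64 of the PEM text as UTF-8 with CRLF line endings."""
    crlf = "\r\n".join(pem_text.splitlines())
    return base64.b64encode(crlf.encode("utf-8")).decode("ascii")


def build_patch_payload(connection, pem_text):
    """Steps 2-5: keep existing options, drop derived ones, set signingCert."""
    options = {k: v for k, v in connection.get("options", {}).items() if k not in DERIVED}
    options["signingCert"] = encode_signing_cert(pem_text)
    return {"options": options}


def thumbprint_matches(response, pem_text):
    """Step 6: fail unless the response lists the locally computed thumbprint."""
    returned = response.get("options", {}).get("thumbprints") or []
    normalised = {t.replace(":", "").lower() for t in returned}
    return sha1_thumbprint(pem_text) in normalised
```

If `thumbprint_matches` returns False for the patch response, the connection is not using the certificate you intended to upload.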