Can Auth0 support certificates in the secondary position? We are working with a customer that is in the process of changing certs and want to put the new cert in the secondary position.
Hi @thuan.nguyen,
Welcome to Auth0 Community!
Are you referring to the certificate used for SAML connections? If so, unfortunately Auth0 does not support more than one certificate for SAML connections currently.
Therefore you will need to coordinate with the IdP changing the public key certificate on your connection with when they start using their new private key to sign responses, otherwise Auth0 will fail validation for those responses as it no longer trusts the IdP is who it says it is.
Aside from the timing of this operation it is a simple process, you just need delete the existing certificate from your connection’s settings tab, then upload the new PEM file and save the connection’s changes. Auth0 will then use that new certificate to validate the IdP’s responses.
If you would like to see this functionality in a future release of Auth0, we would recommend you submit a feature request using this form: Auth0: Secure access for everyone. But not just anyone. .
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.