Overview
This article explains how to receive notifications when a connection’s SAML certificate is due to expire in less than 30 days.
Applies To
- SAML Certificates
Solution
The workaround for this type of request is to manually set up a notification system based on the GET /api/v2/connections endpoint of the Management API, which retrieves all the certificates and their expiration dates.
Here is an example curl command that returns just the options objects from each of the SAML connections:
curl -L 'https://{auth0_domain}/api/v2/connections?strategy=samlp&fields=options&include_fields=true' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {token}'
Here is an example of the options object from a SAML connection:
"options": {
"cert": "-----BEGIN CERTIFICATE-----*****************-----END CERTIFICATE-----",
"expires": "2031-01-11T23:53:50.000Z",
...rest of options
},
This curl command can also be used in a script that performs the check automatically on a schedule. In the script, specify the threshold to test against: whether “expires” is less than 30, 60, or 90 days away, etc.
Short Steps:
- Create a script that automatically calls the API to retrieve the certificates for the required length of time.
- In the script, if the “expires” parameter is less than 60 days away, send notifications through different methods that the certificate is about to expire.
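One way to implement the two steps above, as an added example that is not Auth0's own code: it parses the “expires” value from each connection's options object and reports connections under the threshold. Assumptions: the function names are hypothetical, `name` is added to the `fields` parameter so results can be labelled, and the sample response is constructed.

```python
import json
import urllib.request
from datetime import datetime, timezone

def fetch_saml_connections(domain, token):
    """Same request as the curl example; 'name' is added to fields (assumption)
    so each result can be labelled. Not called below, so the block runs offline."""
    url = (f"https://{domain}/api/v2/connections"
           "?strategy=samlp&fields=name,options&include_fields=true")
    req = urllib.request.Request(url, headers={
        "Accept": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def parse_expires(value):
    """Parse the UTC timestamp format shown in the options object."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def expiring_connections(connections, threshold_days, now=None):
    """Return (alerts, unknown). alerts holds (name, days_left) pairs, soonest
    first, and includes already-expired certificates (negative days_left).
    unknown lists connections with a missing or unparseable 'expires'."""
    now = now or datetime.now(timezone.utc)
    alerts, unknown = [], []
    for conn in connections:
        name = conn.get("name", "<unnamed>")
        expires = (conn.get("options") or {}).get("expires")
        try:
            days_left = (parse_expires(expires) - now).days
        except (TypeError, ValueError):
            unknown.append(name)  # surface these instead of skipping silently
            continue
        if days_left < threshold_days:
            alerts.append((name, days_left))
    return sorted(alerts, key=lambda a: a[1]), unknown

# Constructed sample response and reference time (not real tenant data).
SAMPLE_NOW = datetime(2030, 12, 20, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "saml-a", "options": {"expires": "2031-01-11T23:53:50.000Z"}},
    {"name": "saml-b", "options": {"expires": "2032-06-01T00:00:00.000Z"}},
    {"name": "saml-c", "options": {"expires": "2030-12-01T00:00:00.000Z"}},
    {"name": "saml-d", "options": {}},
]

if __name__ == "__main__":
    alerts, unknown = expiring_connections(SAMPLE, 30, now=SAMPLE_NOW)
    for name, days in alerts:
        print(f"{name}: certificate expires in {days} day(s)")
    print("no expiry recorded:", unknown)
```

Run it from a scheduler, pass the output of `fetch_saml_connections` in place of `SAMPLE`, and hand the `alerts` list to whichever notification method is in use.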