问题
I am Authenticating all my users through a Microsoft product using SAML 2.0 with a X509 Certificate. The certificate is close to expiration, and I am not sure if after the certificate expires, my Service Providers will continue accepting my tokens.
I am very VERY new to SAML and SSO in general, so my apologies for not using the right terms.
回答1:
If your Service Providers are compliant to the specification they will stop processing your SAML messages (Responses) once your signing certificate expires.
Unfortunately, there is no easy way to tell ahead of time. You will probably need to contact each one to find out how they handle this situation -- homegrown solutions may be more lenient than commercial products in this regard and allow SSO transactions to continue.
来源:https://stackoverflow.com/questions/4820456/will-my-saml-2-0-sso-implementation-continue-working-after-the-x509-certificate