
Provide multiple Public x509 certificates on SAML configuration.


      Suggestion

      Currently, we can configure only one public X.509 certificate in the SAML configuration. However, when a user wants to update the certificate, there is a possibility of downtime.

      To improve reliability, it would be beneficial to support multiple public X.509 certificates, allowing customers to switch between them automatically.

            [ACCESS-2138] Provide multiple Public x509 certificates on SAML configuration.

            Brian added a comment (edited)

            Oops, I assumed this was for Jira/Confluence due to my search that ended here.
            Wonder if it IS possible in Jira/Confluence...

            Agreed!

            ServiceNow has this ability, just saying.
            So ADFS can create its new certificate anytime and send it to ServiceNow operations, who can add it to the valid certificates.
            When ADFS actually switches to the new certificate, ServiceNow will start using the already known new certificate from its list of valid ones.

            No downtime.

            With Atlassian/ADFS in Jira/Confluence, we have to coordinate with the exact time that ADFS switches certificate, to avoid downtime for users trying to log in.

            Since the x509 field in IdP is only a text field with BEGIN/END, it seems a rather trivial task to allow at least two entries in that field and use the one that works when users attempt login. But hey - I'm not a programmer.
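
The approach described in the comment above, as an added example (not Atlassian's or ServiceNow's code): the single certificate field holds several PEM blocks, and a signature is accepted only if one of the listed, currently valid certificates verifies it. `ParseTrusted`, `VerifyAny` and `NewSigner` are hypothetical names, the certificates are generated on the spot as constructed test data, and a raw Ed25519 signature over bytes stands in for the XML signature a real SAML response carries.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// ParseTrusted reads every PEM block pasted into the single certificate field.
func ParseTrusted(field []byte) (certs []*x509.Certificate, err error) {
	for b, rest := pem.Decode(field); b != nil; b, rest = pem.Decode(rest) {
		c, perr := x509.ParseCertificate(b.Bytes)
		if b.Type != "CERTIFICATE" || perr != nil {
			return nil, fmt.Errorf("bad PEM block %q: %v", b.Type, perr) // fail closed
		}
		certs = append(certs, c)
	}
	return certs, nil
}

// VerifyAny returns the index of the pinned certificate that verifies sig over msg.
func VerifyAny(certs []*x509.Certificate, msg, sig []byte, now time.Time) (int, error) {
	for i, c := range certs {
		inWindow := !now.Before(c.NotBefore) && !now.After(c.NotAfter) // retired certs age out
		if inWindow && c.CheckSignature(x509.PureEd25519, msg, sig) == nil {
			return i, nil
		}
	}
	return -1, fmt.Errorf("signature matches no trusted, currently valid certificate")
}

// NewSigner makes constructed demo data: a key and its self-signed certificate.
func NewSigner(serial int64) (ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	_, oldPEM := NewSigner(1)
	newKey, newPEM := NewSigner(2) // next IdP certificate, listed before the switch
	trusted, _ := ParseTrusted(append(oldPEM, newPEM...))
	fmt.Println(VerifyAny(trusted, []byte("m"), ed25519.Sign(newKey, []byte("m")), time.Now()))
}
```

The returned index shows which entry matched, so logging it reveals when the IdP has actually switched and the old entry can be removed from the field.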

            SET Analytics Bot made changes: Support reference count New: 1
            Takeshi Muramatsu created issue

              Assignee: Unassigned
              Reporter: Takeshi Muramatsu
              Votes: 3
              Watchers: 4