Zoom again, and half-signed Logout requests
Martin Haase
Martin.Haase at DAASI.de
Tue Apr 14 07:20:43 EDT 2020
JFI, Alan Buxey just gave me the information that
https://"yourVanityURL".zoom.us/saml/metadata/sp would not return the
wildcard in every case. In our case the metadata certainly do contain
the mentioned wildcard certificate, in Alan's case they seem to contain
valid certificates. Maybe different licence models?
Martin
Am 14.04.20 um 09:32 schrieb Martin Haase:
>
> Hi list,
>
> some years back, Zoom used to be unable to sign SLO requests. Now they
> do - however, the IdP would not honor them:
>
> ERROR
> [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:301]
> - Credential failed name check: [subjectName='CN=*.zoom.us,OU=Domain
> Control Validated']
>
> I suspect it has to do with the wildcard certificate?
>
> What would you advise - toggle off signing SLO requests? Can I use
> idp.logout.authenticated just for one SP?
>
> Or push back?
>
> Regards
>
> Martin|
> |
>
> --
> Dr. Martin Haase, Solutions Engineer
>
> DAASI International GmbH
> Europaplatz 3
> D-72072 Tübingen
> Germany
>
> phone: +49 7071 407109-0
> fax: +49 7071 407109-9
> email: martin.haase at daasi.de
> web: www.daasi.de
>
> Sitz der Gesellschaft: Tübingen
> Registergericht: Amtsgericht Stuttgart, HRB 382175
> Geschäftsleitung: Peter Gietz
>
--
Dr. Martin Haase, Solutions Engineer
DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
Germany
phone: +49 7071 407109-0
fax: +49 7071 407109-9
email: martin.haase at daasi.de
web: www.daasi.de
Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200414/0f4d0b09/attachment.html>
More information about the users
mailing list