User17381904644925537279 (Customer) asked a question.
It looks like the UI for IdPs displays the Issuer field of the SSL Certificate uploaded for signatures instead of the Subject line of the cert itself? This is causing confusion and is not helpful. Example: I uploaded a certificate provided by a 3rd party IdP, that openssl shows as:
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Client CA G2
Subject: organizationIdentifier=somevalue, C=US, ST=Calfornia, L=San Francisco, O=SomeCompany, CN=Company SAML.
When uploaded, the Okta UI for this IdP shows the cert as:
- CN=DigiCert Assured ID Client CA G2, OU=www.digicert.com, O=DigiCert Inc, C=US
This is not very helpful, as MANY things could use that issuer, it does not identify the specific certificate uploaded. It is confusing as it makes me think I uploaded the signing cert and NOT the subject cert.
The specific page I am referring to is "Security->Identity Providers->[select an IdP](Actions->Configure IdP), scroll down to SAML Protocol Settings
Hello @User17381904644925537279 (Customer) , thank you for contacting Okta Community.
This issue seems too complex to be addressed here. I recommend that you open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth troubleshooting. You could also provide more details in a ticket that shouldn’t be given here, as this is a public space.
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.
Regards.
--
Join the discussion for Ask Me Anything on February 4, 2025: Advancements in Okta’s On-Prem Directory Integrations