In our SAML SSO setup, we are currently using the Tomcat certificate in the Service Provider metadata for signing and encryption purposes, but since many CAs are now issuing certificates with very short validity (30-60 days), it is getting painful to redo the cumbersome SSO setup on our huge server cluster every time the Tomcat certificate changes. We are coming up with a new solution: use a different, self-signed certificate that remains valid for years (>5) for the signing and encryption purpose in the SP metadata. Please advise: would that be a good choice from a security point of view?
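The setup the question describes, as an added example that is not part of the original post: a dedicated self-signed RSA key pair is generated purely for SAML signing and encryption, independent of the Tomcat TLS certificate, its base64 DER body is placed in the `KeyDescriptor` elements of a minimal SP metadata file, and an `openssl x509 -checkend` check reports whether the certificate still has a given number of days left, so the eventual rotation can be tracked. In SAML the IdP trusts this certificate because it was exchanged in metadata, not because a CA chains to it, which is why the TLS renewal cycle does not have to drive it. The hostname, entityID, ACS URL and file names are assumptions; only `openssl` and a POSIX shell are required.

```shell
#!/usr/bin/env sh
# Added example, not from the original post. Generates a long-lived self-signed
# certificate used only for SAML signing/encryption and embeds it in SP metadata.
# Hostname, entityID, ACS URL and paths are assumed values.
set -eu

SP_HOST="sp.example.com"                      # assumed SP hostname
ENTITY_ID="https://$SP_HOST/saml/metadata"    # assumed entityID
ACS_URL="https://$SP_HOST/saml/acs"           # assumed AssertionConsumerService
WORKDIR="${WORKDIR:-$(mktemp -d)}"            # where key, cert and metadata land
VALID_DAYS=1826                               # ~5 years, decoupled from TLS renewals

# Create an RSA-2048 key and a self-signed cert whose only job is SAML
# signing/encryption. The key never leaves this host; protect it like a TLS key.
gen_saml_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
    -days "$VALID_DAYS" \
    -subj "/CN=$SP_HOST SAML signing" \
    -keyout "$WORKDIR/sp-saml.key" -out "$WORKDIR/sp-saml.crt" >/dev/null 2>&1
  chmod 600 "$WORKDIR/sp-saml.key"
}

# SAML metadata carries the certificate as base64 DER with no PEM header/footer
# and no line breaks; -A makes openssl emit it on one line.
cert_b64() {
  openssl x509 -in "$WORKDIR/sp-saml.crt" -outform DER | openssl base64 -A
}

# Exit 0 if the cert is still valid for at least $1 more days, non-zero otherwise.
# Run this from monitoring so a 5-year cert does not expire unnoticed.
cert_valid_for_days() {
  openssl x509 -in "$WORKDIR/sp-saml.crt" -noout -checkend $(( $1 * 86400 )) >/dev/null
}

# Write minimal SP metadata with the same cert in the signing and encryption
# KeyDescriptors (separate certs per use are also possible).
write_sp_metadata() {
  cert=$(cert_b64)
  cat > "$WORKDIR/sp-metadata.xml" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="$ENTITY_ID">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>$cert</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>$cert</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="$ACS_URL" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
EOF
}

main() {
  gen_saml_cert
  write_sp_metadata
  if cert_valid_for_days 1800; then
    echo "SAML signing cert written to $WORKDIR, metadata in $WORKDIR/sp-metadata.xml"
  else
    echo "certificate validity shorter than expected" >&2
    return 1
  fi
}

main
```

The resulting `sp-metadata.xml` is what gets uploaded to the IdP once; afterwards the Tomcat TLS certificate can be renewed as often as the CA requires without touching the federation, and `cert_valid_for_days` gives the check to alert on well before the SAML certificate itself needs to be re-exchanged.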