Change theme
Help
Press space for more information.
Show links for this issue (Shortcut: i, l)
Copy issue ID
Previous Issue (Shortcut: k)
Next Issue (Shortcut: j)
Sign in to use full features.
Vote: I am impacted
Notification menu
Refresh (Shortcut: Shift+r)
Go home (Shortcut: u)
Pending code changes (auto-populated)
View issue level access limits(Press Alt + Right arrow for more information)
Request for new functionality
View staffing
Description
Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
What you would like to accomplish: When CreateInboundSamlConfig is called, a SAML SP certificate is optionally provisioned if request signing is enabled. But when DeleteInboundSamlConfig is called, the certificate is not deleted. This behavior is not easy to change because if multiple SAML providers are enabled in GCIP, the same SP cert is used for all of them, and thus it isn't safe to delete the cert unless there are no providers using it.
We request a way to rotate SignIn SAML certificates, like being able to create two certificates, each with a different expiration date.
How this might work: According to the documentation, the intended behavior is that when we use DeleteInboundSamlConfig, it would allow us to run CreateInboundSamlConfig and have a new certificate, which is not happening. Since the same certificate is used in all services related, on top of fixing the expected behavior, it would be ideal to have an option to create two certificates, to be able to calmly replace the certificates without issuing any downtime.
If applicable, reasons why alternative solutions are not sufficient: Current solution is not working.
Other information (workarounds you have tried, documentation consulted, etc): NA