Completed

Identity Broker for Frontier chris21 - ability to use SSL with certificate that doesn't match endpoint address

Shane Day (Chief Technology Officer) 5 years ago in UNIFYBroker/Frontier ichris/chris21 • updated by anonymous 4 years ago

CloudBroker requires the following:

  • SSL on all communication

IDBCHRS will fail if the end-point address (a public DNS entry) is different to the certificate supplied by the IIS end-point, something that is entirely likely to happen if a customer cannot use their NAT to set up SSL and terminate at that address. For example:

IDBCHRS is set to connect to unify-demo-idbchrslite-1-chrs.cloudapp.net, however the AD certificate is issued by the domain CA which makes the certificate idbpc21-chrs.demo.unifysolutions.net.

The chris21 connector should permit the certificate to be determined by a name in our configuration. The certificate must still be valid against the local machine certificate store.

Affected Versions:
Fixed by Version:
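
One way to meet both requirements in the ticket, shown as an added example (not UNIFYBroker code or its configuration schema): dial the public endpoint address but validate the certificate against a configured name, with chain validation against the platform trust store left on. The function names are hypothetical; the two host names are the ones from the ticket.

```python
import socket
import ssl

# Host names from the ticket's example.
ENDPOINT = "unify-demo-idbchrslite-1-chrs.cloudapp.net"  # address that is dialled
CERT_NAME = "idbpc21-chrs.demo.unifysolutions.net"       # name in the certificate


def make_context(cafile=None):
    """Client context that trusts the platform store (or cafile) and keeps
    both chain validation and name checking switched on."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def enforces_validation(ctx):
    """Guard: True only if the context still verifies chain and name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def reference_name(endpoint, configured_name=None):
    """Name the certificate must match: the configured override if set,
    otherwise the endpoint address itself."""
    name = (configured_name or "").strip()
    return name or endpoint


def open_verified(endpoint, configured_name=None, port=443, ctx=None, timeout=10):
    """Dial `endpoint` but verify the certificate against the reference name.
    Raises ssl.SSLCertVerificationError on an untrusted chain or wrong name."""
    ctx = ctx or make_context()
    if not enforces_validation(ctx):
        raise ValueError("refusing to connect: certificate validation is disabled")
    raw = socket.create_connection((endpoint, port), timeout=timeout)
    try:
        # server_hostname sets both SNI and the name checked against the cert.
        return ctx.wrap_socket(
            raw, server_hostname=reference_name(endpoint, configured_name))
    except Exception:
        raw.close()
        raise
```

Calling `open_verified(ENDPOINT, CERT_NAME)` accepts the mismatch described in the ticket only when the presented certificate is issued for `CERT_NAME` and chains to a trusted root; any other certificate still fails the handshake.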

I've released v4.1.0 RC2 on SUBIDBCHRS:Downloads. Configuration is identical to the change in Identity Broker for Microsoft Active Directory.

Had been tested in IDaaS for chris21. Thanks.