[IdP] Authentication is successful with an expired Azure AD certificate
Forge component by João Barata

We are using IdP to authenticate applications in OutSystems against our Azure AD instance.

It seems like the IdP does not check whether or not the IdP certificate is still valid. In one of our environments, the Azure AD cert expired and still continued to authenticate users into the system.

This seems like a major security vulnerability. Has anyone else experienced this issue? Is there a way to fix this?
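
Added example, not part of the original post and not the Forge component's own code: verifying a SAML signature only proves which key signed the response, so the signing certificate's validity dates have to be checked as a separate step. The sketch below assumes a .NET service provider; `IdpCertCheck`, `ValidityProblem` and `MakeCert` are hypothetical names, and the certificates are constructed self-signed stand-ins for the Azure AD signing certificate.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class IdpCertCheck
{
    // Returns null when 'cert' is inside its validity window at 'nowUtc'
    // (with a small allowance for clock skew), otherwise a reason to log.
    public static string ValidityProblem(X509Certificate2 cert, DateTime nowUtc, TimeSpan skew)
    {
        DateTime notBefore = cert.NotBefore.ToUniversalTime();
        DateTime notAfter = cert.NotAfter.ToUniversalTime();
        if (nowUtc + skew < notBefore) return $"not valid until {notBefore:u}";
        if (nowUtc - skew > notAfter) return $"expired at {notAfter:u}";
        return null;
    }

    // Constructed self-signed certificate standing in for the IdP signing certificate.
    static X509Certificate2 MakeCert(DateTimeOffset from, DateTimeOffset to)
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-idp-signing", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(from, to);
    }

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        TimeSpan skew = TimeSpan.FromMinutes(5);
        using var current = MakeCert(now.AddDays(-1), now.AddDays(30));
        using var expired = MakeCert(now.AddDays(-60), now.AddDays(-30));

        foreach (var (name, cert) in new[] { ("current", current), ("expired", expired) })
        {
            // Run this gate before trusting any assertion signed with 'cert'.
            string problem = ValidityProblem(cert, now.UtcDateTime, skew);
            Console.WriteLine(problem == null
                ? $"{name}: accept, valid until {cert.NotAfter.ToUniversalTime():u}"
                : $"{name}: reject SAML response, signing certificate {problem}");
        }
    }
}
```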
