[IdP] Authentication is successful with an expired Azure AD certificate

Back to Forums

Shiraz Amin

[IdP] Authentication is successful with an expired Azure AD certificate

Question

Active Directory

Authentication

Forge

Security

We are using IdP to authenticate application in OutSystems against our Azure AD instance.

It seems like the IdP does not check whether or not the IdP certificate is still valid or not. In one of our environments, the Azure AD cert expired and still continued to authenticate users into the system.

This seems like a major security vulnerability. Has anyone else experienced this issue? Is there a way to fix this?

31 Jan

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines