SAML SSO Certificate Revocation Issue

DanBrinton
DanBrinton Domo Product Manager
edited August 2024 in Governance & Security

Who Does This Apply To?: Customers using SAML SSO configured with auth request signing using the certificate with expiration date of 09/2024. (Customers using OIDC and customers using SAML without the requirement to sign auth requests are NOT affected).

Summary: Due to an issue with Domo’s certificate provider, customers who have configured SAML SSO to sign authentication requests must download and install a new certificate. The old cert (expiration date of 09/2024) actually ceased functioning on 2 August, 2024.

How Can I Tell If This Applies To Me?:

  • Navigate to admin settings —> Authentication —> SAML (SSO).
    • Only Domo Admin role users or users with similar elevated role can access this configuration.
  • If SAML SSO is enabled and if the "Sign authentication requests" box is checked (see "Information your IdP may need"), then this notice applies to you and action is required.

Action Required: Download a new certificate from your Domo instance and install it in your identity provider. The new certificate is available for download now in your Domo instance:

  • Navigate to admin settings —> Authentication —> SAML (SSO).
    • Only Domo Admin role users or users with similar elevated role can access this configuration.
  • In the section “Information your IdP may need”, click the button to download the new certificate (Expires: 08/2025).
    • See screen shot below
  • Work with your identity provider administrators to install the new certificate in your identity provider.

Please reach out to your Domo account team or Domo Support with any questions or concerns you may have.

image.png

Categories