Metadata_url for SAML should support fetching certificate information dynamically

In environments where certificates are rotated automatically every few months (Azure AD), the current strategy of fetching the metadata once and then saving it as manual settings will require refreshing it whenever the certificate is rotated.
Metadata_URL being set should cause a dynamic fetch at login time.
  • Austin Merritt
  • Nov 23 2016
  • Likely to implement
  • Attach files
  • warren lester commented
    August 21, 2017 14:45

    We recently had an issue with annual renewal of ADFS certificates which gave rise to fingerprint inconstencies.