feat: idp cert fingerprint and actual idp cert #551
Conversation
|
|
||
| // IDPCertificate to use as idp public certificate. If this field is specified, IDPCertificateFingerprint and | ||
| // IDPCertificateFingerprintAlgorithm must not be specified. | ||
| IDPCertificate *string |
There was a problem hiding this comment.
| IDPCertificate *string | |
| IDPCertificate *x509.Certificate |
Firstly, thank you for this PR. This functionality is something I also want from this package!
Just a thought, maybe the type here should just be a x509.Certificate and the consumer should be responsible for parsing their certificate themselves.
The reason I suggest this is that it's not certain that everyone is going to be using base64-encoded ASN.1 DER strings for their certificates (which it appears from parseCert yours does).
In my case, my (legacy) application simply has them encoded as PEM strings like so: -----BEGIN CERTIFICATE-----\r\nABCEDFG\r\n-----END CERTIFICATE-----, so to use your PR I would likely need to use pem.Decode, then base-64 encode the string, just to provide it to this package, which then base64-decodes it again.
I think this change would make it more reusable.
Service provider should not depend on IDP metadata url being specified.
This PR adds two more options for configuring SP:
Please be so kind and take it into consideration @crewjam