Not Considering

8 months ago

Since Tridion Sites 10 release we have dropped support of web-based (old way configuration) SAML authentication. Configuring a certificate in old way into .config fileas is not relavent anymore.

Instead you have to configure SAML authentication by configuring SAML idp in Access Management. Tridion Access Management provides centrilized security configuration for all Tridion applications.

Doing away of having 'thumbprint" in any Tridion configuration files.

When setting for SAML authentication, Tridion provided powershell script such as 'SetupSAML.ps1' added/updated 'thumbprint' into a few .config files (such as %TRIDON_HOME%\bin\TcmServiceHost.exe.config).

For customer that have ssl certificate that expire yearly, and who has many environment/system, it is a huge chore to update certificates as all those Tridion configuration files need to be updated again accordingly.

It would be ideal if we can come up with a way to either store the thumbprint in just one file (or somehow doing away of not storing any thumbprint information in any Tridon configuration files.

Brandon Truong

Neil Gibbons 11 months ago

.NET Framework supports externalising configuration files Brandon. See https://stackoverflow.com/questions/5162565/web-config-external-file-for-system-servicemodel and https://stackoverflow.com/questions/6940004/asp-net-web-config-configsource-vs-file-attributes.

In theory you could try creating a single file (maybe in mapped drive), create a virtual directory in IIS to get this under the site tree for Tridion and add a configSource attr to a <behaviour /> element.

NB - I've never tried this!

Still not ideal though if you have to apply this other config sections.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Tridion Ideas > Tridion Sites Ideas

Doing away of having 'thumbprint" in any Tridion configuration files.