Add ability to trust customer TLS certificates for IdP metadata #7091

@wfchandler

Description

We offer the ability to query an IdP provider's metadata URL during silo setup. However, many customers will have their own internal certificate authority that is not part of the standard trusted cert store.

Currently we have no way to allow Nexus to trust the cert, forcing the customer to fall back on using base64_encoded_xml SAML. This is less convenient; it would be nice for customers using their own certs to be able to use this feature. Note that this refers only to the public key; we never want to access or store the private key.

AFAIK there are no other situations where the rack will initiate an outgoing connection, so this certificate store would be used solely for IdP metadata.
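As an added illustration of the requested behaviour (example code, not Nexus's own implementation; Python's standard library stands in for Nexus's HTTP client), this builds a trust store for the IdP metadata fetch that keeps the standard roots, adds only the customer's CA public certificate, refuses any upload that contains private key material, and keeps hostname verification on. The helper names and the constructed PEM sample are assumptions for the example.

```python
import re
import ssl
import urllib.request

# One PEM block: "-----BEGIN <LABEL>-----", base64 body, "-----END <LABEL>-----".
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.+?)\r?\n-----END \1-----", re.DOTALL
)


def certificate_blocks(pem_bundle: str) -> list[str]:
    """Return the PEM labels in the uploaded bundle, accepting only public
    certificates. The issue is explicit that Nexus must never receive or
    store the private key, so any PRIVATE KEY block rejects the whole upload."""
    labels = [m.group(1) for m in _PEM_BLOCK.finditer(pem_bundle)]
    if not labels:
        raise ValueError("no PEM blocks found in uploaded bundle")
    for label in labels:
        if "PRIVATE KEY" in label:  # covers RSA/EC/ENCRYPTED PRIVATE KEY too
            raise ValueError("bundle contains private key material; refusing it")
        if label != "CERTIFICATE":
            raise ValueError(f"unexpected PEM block type: {label}")
    return labels


def idp_metadata_context(customer_ca_pem: str) -> ssl.SSLContext:
    """System trust store plus the customer's CA; verification stays strict."""
    certificate_blocks(customer_ca_pem)
    ctx = ssl.create_default_context()            # standard trusted roots
    ctx.load_verify_locations(cadata=customer_ca_pem)  # add the customer CA only
    if not ctx.check_hostname or ctx.verify_mode != ssl.CERT_REQUIRED:
        raise RuntimeError("TLS verification must remain enabled")
    return ctx


def fetch_idp_metadata(url: str, customer_ca_pem: str, timeout: float = 10.0) -> bytes:
    """Fetch the IdP metadata XML over TLS using the combined trust store."""
    if not url.lower().startswith("https://"):
        raise ValueError("IdP metadata URL must use https")
    ctx = idp_metadata_context(customer_ca_pem)
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


# Constructed sample for illustration only: a placeholder body, not a real CA.
SAMPLE_CA_PEM = "-----BEGIN CERTIFICATE-----\nMIIBplaceholder\n-----END CERTIFICATE-----\n"
```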

Labels: customer (bug reports or feature requests tied to customer requests), idp, security (related to security)