1 Answer
- Newest
- Most votes
- Most comments
0
Sorry, I am not sure if I understand you correctly, you adding the IdP certificate to Identity Center (here the Service Provider). If is this what you are doing, this certificate has to be generated/maintained somewhere else, so you need to track the validity of the certificate on the CA where you generated it. For example, you can use a PrivateCA with AWS to upload the certificates and then using the API query the expiration date for example, but you cannot ask Identity Center for this, it's "problem" of the IdP not of Identity Center.
Best,
answered 9 months ago
Relevant content
- asked 9 months ago
AWS OFFICIALUpdated 10 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 23 days ago
- AWS OFFICIALUpdated 5 months ago
Thanks for the answer. Yes, the certificate is created in Active Directory Certificate Services and manually added in IAM Identity Center - Settings - SAML 2.0 Authentication. But I don't have access to ADCS. I would like to track the certificate on the AWS side through the CLI, or API. Do you suggest adding the new certificate to AWS ACM in addition to the IAM Identity Center and tracking it using the acm:ListCertificates command? This may be one of the options, but not the most convenient. I would like to get information about the certificate directly from where it is imported (IAM Identity Center - Settings - SAML 2.0 Authentication), without having to add it somewhere else. Is it somehow possible? If not, do you plan to add this functionality? I think it should be in the identitystore.