With recent TeamDesk update we added new single sign-on certificate options to allow using custom certificates for data encryption. Why is this important?
As the part of the login/logout process Identity Provider and Service Provider exchange with messages. Messages are encrypted with asymmetric cryptography. This is one party have private key to encrypt the message and other party or parties have public key to decrypt (but not encrypt) the message. Private key is kept secret at first party. And Identity and Service providers pass public keys to each other as a part of the setup process.
The certificate is the convenient way to pack keys and other data such as issuer, whom the certificate issued to and its validity period together. But once one party changes the certificate you should update the other.
Previously to encrypt single sign-on communication we were using the same certificate we use to encrypt HTTPS traffic. But it has its own lifetime, and if we change it without prior notice we may break single sign-on. No longer.
With new single sign-on certificate options we added an ability to generate self-signed certificate dedicated for encryption and valid for 10 years. And if you want even more control, you can upload your own one. Or, if you are fine with our HTTPS certificate, choose “default certificate”.
And as a little bonus, clicks on the links in Service Provider section now copy the URL to clipboard.