Context
Diagnosing a broken SAML integration today means reading logs and inferring what ex_saml saw. There is no single command that validates an operator's configuration and surfaces obvious problems before the first SSO attempt.
Goal
A mix ex_saml.diagnostic task that inspects the loaded configuration and reports an actionable, human-readable summary.
Proposed scope
Resolve and print each configured SP and IdP (with id / sp_id wiring).
For each SP: validate cert/key load, key/cert match, and certificate expiry window.
For each IdP: parse metadata, list signing/encryption certs and their expiry, report SSO/SLO endpoints and bindings, and flag missing NameIDFormat.
Why
Notes
--fetch flag is passed for remote metadata.
Relates to #17.
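
The IdP checks listed under "Proposed scope" (endpoints and bindings, key descriptors by use, missing NameIDFormat), as an added Python example; it is not ex_saml code or the proposed Mix task. Certificate expiry parsing is left out, and the function name `inspect_idp_metadata` and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: entityID, URL and certificate body are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_idp_metadata(xml_text):
    """Return (summary, findings) for one IdP metadata document (hypothetical helper)."""
    # Assumes a single EntityDescriptor as the document root.
    root = ET.fromstring(xml_text)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        return {}, ["no IDPSSODescriptor: not IdP metadata"]
    certs = {"signing": 0, "encryption": 0}
    for kd in idp.findall("md:KeyDescriptor", NS):
        count = len(kd.findall(".//ds:X509Certificate", NS))
        # A KeyDescriptor with no "use" attribute applies to both purposes.
        for use in ([kd.get("use")] if kd.get("use") else list(certs)):
            certs[use] = certs.get(use, 0) + count

    def endpoints(tag):
        # Report the short binding name (last URN component) with its location.
        return [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location"))
                for e in idp.findall(f"md:{tag}", NS)]

    formats = [(f.text or "").strip() for f in idp.findall("md:NameIDFormat", NS)]
    summary = {"entity_id": root.get("entityID"), "certs": certs,
               "sso": endpoints("SingleSignOnService"),
               "slo": endpoints("SingleLogoutService"),
               "name_id_formats": formats}
    checks = [(not summary["sso"], "no SingleSignOnService endpoint"),
              (not summary["slo"], "no SingleLogoutService endpoint"),
              (certs["signing"] == 0, "no signing certificate listed"),
              (not formats, "NameIDFormat missing")]
    return summary, [msg for failed, msg in checks if failed]


if __name__ == "__main__":
    print(inspect_idp_metadata(SAMPLE))
```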