|
|
|
|
|
|
by shimms
3301 days ago
|
|
|
Yup - we had to reconfigure each service that uses SAML today. Also don't forget having to audit each service's API keys/tokens/local users etc to make sure someone hasn't gotten access via a compromised certificate and then created a sneaky API key for them to use in the future. Basically we had to assume every app had been compromised and rotate every internal key/certificate the was in each one, as well as reconfigure them with a new SAML certificate. |
|
|