Howdy everyone,
It's me, Brandon Werner, back with you again! As part of our best practice of protecting customers' data worldwide, Azure Active Directory periodically rolls the certificates of the service. The Azure Active Directory authentication service will be performing a certificate rollover on 5/23. If you followed the development guidelines outlined below, you should experience no impact. We've included information below so you can review your applications and ensure they are following these best practices.
We do not expect any impact for:
Any application which follows the best practices outlined here: https://msdn.microsoft.com/en-us/library/azure/dn641920.aspx
Any application added from the Azure AD application gallery that has been configured to use SAML or WS-Federation. These applications follow separate rollover cycles and provide separate notifications.
There might be an impact to applications if:
The application takes a dependency on any of the endpoints listed below, but is not configured to automatically update the certificate from the metadata. Best practices on how to automatically update the certificate are outlined here: https://msdn.microsoft.com/en-us/library/azure/dn641920.aspx
Metadata Endpoints Updated
The following metadata endpoints have been updated to publish the new certificate:
https://login.microsoftonline.com/{tenant}/FederationMetadata/2007-06/FederationMetadata.xml
https://login.microsoftonline.com/{tenant}/discovery/keys
https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys
https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration
https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration
https://login.windows.net/{tenant}/FederationMetadata/2007-06/FederationMetadata.xml
https://login.windows.net/{tenant}/discovery/keys
https://login.windows.net/{tenant}/.well-known/openid-configuration
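As an added example (not part of the original post and not Microsoft's own code), here is a minimal Python key cache that implements the automatic-update practice the post describes: keys are loaded from the discovery/keys document, re-read on a schedule, and re-read once more when a token arrives with an unknown kid, with a throttle so a stream of bogus kids cannot force a metadata fetch per request. The fetcher, the two sample JWKS documents and the clock passed as `now` are constructed stand-ins; in production the fetcher would GET https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys over TLS.

```python
import json
from typing import Callable, Dict, Optional

# Constructed stand-ins for the discovery/keys document (real ones also carry n, e and x5c).
OLD_JWKS = json.dumps({"keys": [{"kid": "key-old", "use": "sig", "x5c": ["<old-cert>"]}]})
NEW_JWKS = json.dumps({"keys": [{"kid": "key-old", "use": "sig", "x5c": ["<old-cert>"]},
                                {"kid": "key-new", "use": "sig", "x5c": ["<new-cert>"]}]})

class SigningKeyCache:
    """Caches the tenant's signing keys and re-reads them from the metadata endpoint."""

    def __init__(self, fetch_jwks: Callable[[], str],
                 refresh_interval: float = 24 * 3600, min_refresh_gap: float = 300):
        self._fetch = fetch_jwks                   # returns the JSON body of discovery/keys
        self._refresh_interval = refresh_interval  # scheduled re-read of metadata
        self._min_refresh_gap = min_refresh_gap    # throttle for unknown-kid refreshes
        self._keys: Dict[str, dict] = {}
        self._last_refresh: Optional[float] = None
        self.refresh_count = 0

    def refresh(self, now: float) -> None:
        doc = json.loads(self._fetch())
        self._keys = {k["kid"]: k for k in doc.get("keys", []) if k.get("use", "sig") == "sig"}
        self._last_refresh = now
        self.refresh_count += 1

    def get_key(self, kid: str, now: float) -> Optional[dict]:
        """Return the key matching a token's kid header, refreshing metadata as needed."""
        if self._last_refresh is None or now - self._last_refresh > self._refresh_interval:
            self.refresh(now)
        key = self._keys.get(kid)
        if key is None and now - self._last_refresh >= self._min_refresh_gap:
            # Unknown kid: the issuer may have switched certificates early. Re-read
            # metadata once, but not for every bogus kid a caller could present.
            self.refresh(now)
            key = self._keys.get(kid)
        return key

def simulate_rollover():
    """Walk through a rollover: the first token with the new kid triggers a refresh."""
    published = [OLD_JWKS]
    cache = SigningKeyCache(lambda: published[0])
    t0 = 1_000_000.0
    first = cache.get_key("key-old", t0)           # initial metadata load
    throttled = cache.get_key("key-new", t0 + 60)  # unknown kid, refresh throttled
    published[0] = NEW_JWKS                        # issuer publishes the new certificate
    found = cache.get_key("key-new", t0 + 600)     # refresh triggered, new key found
    return first is not None, throttled is None, found is not None, cache.refresh_count
```

A validator that only re-reads metadata at startup, or that pins the certificate in configuration, is exactly the case the post flags as at risk on 5/23.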
Token Issuance Endpoints Affected
Tokens issued over the following endpoints will switch to using the new certificate only on 5/23:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
https://login.microsoftonline.com/{tenant}/oauth2/authorize
https://login.microsoftonline.com/{tenant}/oauth2/token
https://login.microsoftonline.com/{tenant}/wsfed
https://login.microsoftonline.com/{tenant}/saml2
https://login.windows.net/{tenant}/oauth2/authorize
https://login.windows.net/{tenant}/oauth2/token
https://login.windows.net/{tenant}/wsfed
https://login.windows.net/{tenant}/saml2
If you experience unusual behaviors, visit http://azure.microsoft.com/en-us/support/options/
Thanks,
Brandon