Hi,

the first step of this process has now been completed. We currently return both the existing and the new certificate from the JSON Web Key Set endpoint at https://auth.dataporten.no/openid/jwks.

Best regards,
Olav Morken
Uninett / Feide



From: updates-request@feide.no <updates-request@feide.no> on behalf of Olav Morken <updates@feide.no>
Sent: Thursday, August 12, 2021 07:12
To: updates@feide.no <updates@feide.no>
Subject: [Feide Updates] Feide OpenID Connect certificate change Monday 16 August until Thursday 19 August
 
OpenID Connect ID-tokens issued by Feide are signed using a certificate that expires Wednesday 6 October 2021. To prevent any compatibility issues, we will be replacing this certificate in week 33 (Monday 16 August until Thursday 19 August).

Most applications are configured to automatically fetch updated certificate information from the OpenID Connect provider. For those applications, no change should be required during this process. However, you may want to keep an eye on your application Tuesday 17 August at 13:00, which is the time that we switch to issuing ID-tokens using the new certificate. If you see any problems, you may need to force the application to refresh its configuration.

The new certificate will be deployed using a key rollover. This happens in three stages:
  • Monday 16 August at 13:00: We will add the new certificate to the list of valid certificates for our OpenID Connect provider. When OpenID Connect clients fetch our configuration, they will receive a list of two valid certificates from the JSON Web Key Set endpoint at https://auth.dataporten.no/openid/jwks.
  • Tuesday 17 August at 13:00: We will configure our OpenID Connect provider to start issuing ID-tokens using the new certificate.
  • Thursday 19 August at 13:00: We will remove the old certificate from our configuration. After this time, our OpenID Connect provider will only return the new certificate from the JSON Web Key Set endpoint.

If you have any questions or concerns about this change, please contact us at kontakt@uninett.no.

Best regards,
Olav Morken
Uninett / Feide
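
The client side of the three-stage rollover described above, as an added example that is not part of the announcement and is not Feide's code. It shows a JWKS cache that selects keys by the standard `kid` value and refetches on an unknown `kid`; the `kid` values, key material, refresh intervals and the `fetch` callable (a stand-in for an HTTP GET of the JWKS endpoint) are assumptions, and signature verification itself is left out.

```python
import time

# Constructed JWKS snapshots for the rollover stages; the kid values and key
# material are placeholders, not the provider's real keys.
OLD = {"kty": "RSA", "kid": "old-key", "n": "placeholder", "e": "AQAB"}
NEW = {"kty": "RSA", "kid": "new-key", "n": "placeholder", "e": "AQAB"}
STAGES = {
    "before": {"keys": [OLD]},
    "stage1": {"keys": [OLD, NEW]},  # both certificates published
    "stage3": {"keys": [NEW]},       # old certificate removed
}


class JwksCache:
    """Caches a JWKS and refetches when it is stale or a kid is unknown."""

    def __init__(self, fetch, min_refresh_seconds=300, max_age_seconds=86400,
                 clock=time.monotonic):
        self._fetch = fetch              # callable returning a JWKS dict
        self._min_refresh = min_refresh_seconds
        self._max_age = max_age_seconds
        self._clock = clock
        self._keys = {}
        self._last_fetch = None
        self.fetch_count = 0

    def _refresh(self):
        jwks = self._fetch()
        # Replace the whole set so keys removed by the provider are dropped.
        self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        self._last_fetch = self._clock()
        self.fetch_count += 1

    def key_for(self, kid):
        """Return the JWK for kid, or None if it is not currently trusted."""
        now = self._clock()
        age = None if self._last_fetch is None else now - self._last_fetch
        stale = age is None or age >= self._max_age
        # Unknown kid triggers a refetch, rate-limited so tokens carrying
        # random kid values cannot force one provider request per token.
        miss = kid not in self._keys and (age is None or age >= self._min_refresh)
        if stale or miss:
            self._refresh()
        return self._keys.get(kid)
```

A client whose cache never refetches on an unknown `kid` fails at the stage-two switch, and one with no maximum age keeps trusting the old key after stage three.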