3:31 p.m.
It uses oic.oauth2.Client internally (
https://github.com/OpenIDC/pyoidc/blob/master/src/oic/oauth2/__init__.py#L1… ) and I see
verify_ssl default value is True so my guess is that certificates are (attempted to be)
verified but ca_certs is None so it doesn't know what to verify it against (
doesn't know of any CAs ) .
We could pass this as a parameter in the OIDC frontend or change pyoidc to look for the
system cacerts if it doesn't know of any.
I have a long flight next week and I could look into this if you make an issue out of it
in Github
Ioannis
-------- Original Message --------
Subject: Re: [satosa-users] how to get certificate verification on backend calls
Local Time: November 9, 2017 6:55 PM
UTC Time: November 9, 2017 4:55 PM
From: fox at washington.edu
To: Scott Koranda <skoranda at gmail.com>
satosa-users at lists.sunet.se
No, I mean the requests to a social OIDC OP, e.g. Google, to to the
token or userinfo endpoint. With those I'm getting an InsecureRequestWarning from
urllib3.
Jim
---------------------------------------------------------------
satosa-users mailing list
satosa-users at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-users
How can I
get the https gets on the backend processes to verify
certificates?
Are you asking how you can get SATOSA to use TLS trust for remote SAML
metadata that it needs to pull down?