ONTAP SAML setup fails if the ADFS server has a self-signed certificate
Applies to
- ONTAP 9.9+
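Issue
- ONTAP cannot download the federation metadata because it does not trust the ADFS server
- The URL of the AD infrastructure has a CA-signed certificate, but the actual ADFS servers in the pool use self-signed certificates
- Error on the command line interface: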
saml-sp create
Error: command failed: [Job 10695] Job failed: SAML job failed, Reason: Failed to download data from URL https://auth.corp.net/FederationMetadata/2007-06/FederationMetadata.xml.Reason: SSL peer certificate or SSH remote key was not OK : SSL certificate problem: unable to get local issuer certificate.
The system encountered an error at Tue Feb 14 17:58:10 2023 at https://corpadfs3.dept.loc.corp.net/saml-sp/SAML2/POST
Message was signed, but signature could not be verified.