Improve answers to common partner questions #590
ajfarkas
left a comment
One suggestion, non-blocking.
| There is no registered certificate that matches the signature of the `client_assertion` JWT that is being passed as part of the token. request. | ||
| ##### What to do: | ||
| - Ensure that the public certificate that matches the private key used to sign the JWT is registered in your application's configuration in the [Partner Portal](https://dashboard.int.identitysandbox.gov/){:target="_blank"}. | ||
| - Ensure that the public certificate that matches the private key used to sign the JWT is registered in your application's configuration in the [Partner Portal](https://portal.int.identitysandbox.gov/){:target="_blank"}. |
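Review bot: The context line above the changed bullet reads "as part of the token. request." with a stray period after "token". Since this change already touches the section, correct it to "token request." in the same pass so the error description reads as one sentence.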
👏 praise: I appreciate you catching these.
| **For OIDC integrations or SAML integrations sending signed requests:** | ||
|
|
||
| 1. Add the new certificate to the application portal configuration. | ||
| 1. Generate your new public/private keypair. |
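Review bot: The new step 1 says "public/private keypair" while the line it replaces, and the troubleshooting text elsewhere in this PR, speak of the "certificate" that is registered in the portal. Consider wording the step so it names both artifacts, for example "Generate a new private key and matching public certificate", so it is clear which one is added to the portal configuration and which one stays with the application.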
❔ question: is it worth including the link to generating a keypair here?
We're able to link directly to this section, so users may miss the link above.
That's a good idea. For production, we prefer that the certificate be signed by a Certificate Authority, as opposed to being self-signed. I believe that involves different steps than the ones we have. Should we create separate instructions for CA-signed certs?
That would be great, if you have the bandwidth.
Yes, I can do that, but can it be in a separate PR?
Sure thing. I think there is only the failing test to fix.
AJ Farkas
Integration Engineer, Login.gov
…On Tue, Jan 20, 2026 at 2:51 PM Moncef Belyamani ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In _pages/production.md
<#590 (comment)>
:
> @@ -167,22 +167,34 @@ If you are rotating your application’s public/private keypair, or want to add
**For OIDC integrations or SAML integrations sending signed requests:**
- 1. Add the new certificate to the application portal configuration.
+ 1. Generate your new public/private keypair.
Yes, I can do that, but can it be in a separate PR?
It doesn't look like the failing spec is related to this PR. Running |
This PR includes the following changes:

- Replace references to "dashboard" in the Portal URL to "portal"
- Specify the email domains that can't be used to create accounts in the sandbox
- Specify that only .gov/.mil users can create Teams in the portal
- Improve OIDC Getting Started docs to point to existing instructions so we only need to maintain them in one place
- Improve the certificate rotation steps