GitHub OIDC is now using library of trusted CAs #763

wellsiau-aws · 2023-07-07T22:59:39Z

Describe the issue

I noticed that the GitHub action identity provider in the AWS IAM console now has a banner as follow:

AWS secures communication with this OIDC identity provider (IdP) using our library of trusted CAs rather than using a certificate thumbprint to verify the server certificate of your IdP. 
Your legacy thumbprint(s) will remain in your configuration but will no longer be needed for validation.

This should permanently solve the frequent problems as reported in #357

I suggest that to add short blurb in the sample-iam-oidc-cloudformation-template to account for this changes.

The text was updated successfully, but these errors were encountered:

peterwoodworth · 2023-07-07T23:31:57Z

We're on it, thanks for noticing this and letting us know!

github-actions · 2023-07-07T23:49:30Z

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

wellsiau-aws added documentation This is an issue with documentation needs-triage This issue still needs to be triaged labels Jul 7, 2023

peterwoodworth removed the needs-triage This issue still needs to be triaged label Jul 7, 2023

kellertk mentioned this issue Jul 7, 2023

Update README.md for OIDC changes #764

Merged

peterwoodworth closed this as completed in #764 Jul 7, 2023

kellertk mentioned this issue Jul 8, 2023

OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint #357

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub OIDC is now using library of trusted CAs #763

GitHub OIDC is now using library of trusted CAs #763

wellsiau-aws commented Jul 7, 2023

peterwoodworth commented Jul 7, 2023

github-actions bot commented Jul 7, 2023