OAuth2 with Azure, rotating Shared Secret

We have set up OAuth 2.0/OpenID for authentication of users.
That works fine so far.

Now the Shared Secret expired and was replaced by a new one (fully automated).
But the corresponding QBMIdentityClient.SharedSecret wasn't updated.

Another issue is that the SharedSecret isn't encrypted in the DB. As far as I know, it isn't possible to encrypt it, since the WebApplication doesn't have the private key to decrypt it.

I'm wondering what the best practice is for that situation.

It would be nice if this value could be evaluated by script (like variables in a sync project can be). This would allow us to read it each time from CyberArk to always get the newest one.

Another way is to poll for the newest secret and save it in the DB. But then it is still there in clear text. That's not fun!

Would it also be possible to configure the whole IdentityProvider/Application thing in the web.config file?

Any other approaches?

Patrick

PS: We have Release 9.2
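The first approach in the post (read the client secret from the vault on demand rather than persisting it in the database) can be sketched in code. The following is an added example, not part of the original post and not One Identity Manager or Azure code: the `VAULT` dict stands in for CyberArk or any other secret store, `FakeIdentityProvider` stands in for the Azure AD token endpoint, and the key name `idm-web/client-secret` is made up. It shows the two pieces a rotation-aware client needs: a short-TTL cache in front of the vault read, and a single forced refetch when the identity provider rejects the cached secret, so an automated rotation does not break the application even when its cached copy is stale.

```python
"""Rotation-aware client-secret lookup for an OAuth2 confidential client.

Constructed example: VAULT stands in for CyberArk (or any secret store) and
FakeIdentityProvider stands in for the Azure AD token endpoint, so this runs
offline. Nothing here is One Identity Manager code.
"""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed stand-in for the secret store; the key name is made up.
VAULT: Dict[str, str] = {"idm-web/client-secret": "secret-v1"}


class FakeIdentityProvider:
    """Simulates the token endpoint. During a rotation an IdP may keep
    accepting the previous secret for a grace window (constructed)."""

    def __init__(self, current: str, previous: Optional[str] = None) -> None:
        self.current = current
        self.previous = previous

    def token(self, client_id: str, client_secret: str) -> dict:
        if client_secret and client_secret in (self.current, self.previous):
            return {"access_token": f"tok-for-{client_id}", "expires_in": 3600}
        raise PermissionError("invalid_client")


@dataclass
class ClientSecretProvider:
    """Reads the secret from the vault on demand instead of persisting it.

    A short TTL cache keeps vault traffic low; 'force' bypasses the cache so a
    rejected secret triggers an immediate refetch after a rotation."""

    fetch: Callable[[], str]                      # vault read, e.g. a CyberArk call
    ttl_seconds: float = 300.0
    clock: Callable[[], float] = time.monotonic  # injectable for tests
    _cached: Optional[str] = field(default=None, init=False, repr=False)
    _fetched_at: float = field(default=0.0, init=False, repr=False)

    def get(self, force: bool = False) -> str:
        now = self.clock()
        stale = self._cached is None or (now - self._fetched_at) >= self.ttl_seconds
        if force or stale:
            self._cached = self.fetch()
            self._fetched_at = now
        return self._cached


def acquire_token(idp: FakeIdentityProvider, client_id: str,
                  provider: ClientSecretProvider) -> dict:
    """Use the cached secret; if the IdP rejects it, refetch once and retry.

    The single retry is what makes an automated rotation transparent to the
    application. A second rejection is a real mismatch between vault and IdP
    and is surfaced to the caller rather than retried in a loop."""
    try:
        return idp.token(client_id, provider.get())
    except PermissionError:
        fresh = provider.get(force=True)
        return idp.token(client_id, fresh)


if __name__ == "__main__":
    idp = FakeIdentityProvider(current="secret-v1")
    prov = ClientSecretProvider(fetch=lambda: VAULT["idm-web/client-secret"])
    print(acquire_token(idp, "idm-web", prov))
    # Automated rotation: vault and IdP move to v2, old secret no longer valid.
    VAULT["idm-web/client-secret"] = "secret-v2"
    idp.current = "secret-v2"
    print(acquire_token(idp, "idm-web", prov), "after rotation, secret:", prov.get())
```

The design point is that the secret never lands in a database column: the only copies are the vault's and a short-lived in-memory cache, and the cache is invalidated either by TTL or by the first `invalid_client` response. Bounding the retry to one forced refetch also keeps a genuinely wrong vault entry from turning into an unbounded stream of failed token requests against the identity provider.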