End of Support for RSA PKCSv1.5 in...

As of NetSuite 2025.1, the support for the RSA PKCSv1.5 scheme in OAuth 2.0 has officially been discontinued. This change impacts the Outbound Single Sign-on (SuiteSignOn) feature, which was previously available but will no longer be supported in production accounts starting from this update.

What’s New

The key change is the full removal of the RSA PKCSv1.5 scheme for OAuth 2.0. Organizations currently utilizing this scheme in their integrations must transition to a more modern and secure authentication method. The recommended alternative is the NetSuite as OIDC Provider feature, which enhances both security and reliability compared to its predecessor.

Why This Matters

Security Enhancement: The new OIDC Provider feature employs more advanced security protocols, reducing the risk of vulnerabilities associated with RSA PKCSv1.5.
Continued Functionality: To ensure integrations remain operational, users must amend their configurations to utilize the OIDC Provider functionality, preventing interruptions to services.
Best Practices: It is advisable to transition as soon as feasible to avoid potential compliance and operational issues that may arise due to the lack of support for older schemes.

Steps for Transition

Assess Current Integrations: Identify any integrations that utilize the RSA PKCSv1.5 scheme for OAuth 2.0.
Plan Migration to OIDC: Engage with development teams to create a migration plan to implement the NetSuite as OIDC Provider feature.
Testing: Conduct thorough testing of the new integration setup in sandbox environments before deployment to production.
Documentation and Update: Update any relevant documentation or training materials to reflect the changes in authentication methods.

Who This Affects

Developers: Responsible for updating and maintaining integrations with NetSuite systems.
Administrators: Tasked with overseeing system configurations and ensuring compliance with security standards.
Integrators: Those who manage cross-system interactions requiring secure authentication will need to adapt their solutions.

Key Takeaways

Support for RSA PKCSv1.5 in OAuth 2.0 ends in NetSuite 2025.1.
Transition to the OIDC Provider feature is necessary for continued functionality.
Enhanced security and reliability come with the adoption of modern authentication methods.
Planning and testing are crucial for a smooth migration process.
Updated methods should be deployed promptly to avoid operational disruption.

Frequently Asked Questions (4)

What authentication methods should I use after the removal of RSA PKCSv1.5?

After the removal of RSA PKCSv1.5, it is recommended to use the NetSuite as OIDC Provider feature for OAuth 2.0 integrations. This method offers enhanced security and reliability compared to the deprecated scheme.

How will the end of support for RSA PKCSv1.5 affect existing integrations?

Integrations currently utilizing RSA PKCSv1.5 will need to be updated to employ the OIDC Provider feature to avoid service interruptions. Failure to transition may result in compliance and operational issues as support for the old scheme is discontinued.

What steps should I take to transition away from RSA PKCSv1.5?

To transition from RSA PKCSv1.5, first assess current integrations that use this scheme. Then, plan a migration to the OIDC Provider feature, conduct testing in sandbox environments, and update documentation to reflect the new authentication methods.

Who needs to be involved in the migration process from RSA PKCSv1.5 to OIDC?

The migration process should involve developers, who will update and maintain integrations, administrators, who oversee system configurations, and integrators, who manage cross-system interactions that require secure authentication.

End of Support for RSA PKCSv1.5 in NetSuite 2025.1