Updating an expired Service Provider certificate in a SAML Authentication Service
If you use a SAML authentication service and your Service Provider (SP) certificate has expired, you need to create a new keystore, select that keystore under Service Provider details, and re-export the Service Provider metadata to the Identity Provider.
To complete this process, perform the following three tasks in this order:
- Create a keystore with a valid expiration.
- Configure the keystore.
- Re-export the service provider metadata into the Identity Provider metadata.
Create a keystore with a valid expiration
A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. A valid expiration is any expiration date that is in the future.
- Follow the steps in Creating a keystore for application data encryption.
Configure the keystore
Now that you have created a keystore, you need to configure it.
Open the keystore that you just created:
- In the navigation panel of Dev Studio, click and select a keystore from the instance list.
- Click Upload file.
- Click Choose File, browse to the keystore file, and select it.
- Click Upload file.
- In the Keystore type field, enter the keystore file type: JKS, JWK, PKCS12, KEYTAB, or KEY.
- In the Keystore password field, enter the password to the keystore file.
- Click Save.
Re-export the Service Provider metadata into the Identity Provider metadata
The Service Provider and Identity Provider need to communicate with one another. To finalize the process, you need to export the updated SP metadata, and then add it into the Identity Provider.
- In the side panel of Dev Studio, click .
- Select the SAML authentication service that you need to update.
- In the Service Provider (SP) settings section of the SAML 2.0 tab, click the Download SP metadata text.
- Import the SP metadata into your Identity Provider.