How to Update Signing Certificates on IAS
Environment:
SAP Identity Authentication Service
Description:
- How to update IDP certificate on IAS
- Update the signing certificate of your IDP used in SuccessFactors Single Sign On (SSO)
Resolution:
The IdP certificates are updated on IAS admin console by an IAS administrator. Therefore, there is no need to engage support to update this type of certificate in IAS.
To update the IdP certificate, please follow the steps below:
- Login to IAS admin console and go to Identity Providers.
- Select the IDP with the expiring certificate that needs to be updated.
- Go to SAML 2.0 Configuration as shown in the screenshot below
Now, there are two options to update the certificate:
- Option A: Update the Certificate Only
- On SAML 2.0 Configuration, click Add.
- A dialog window would appear where you could upload the .cert / .crt file or enter the new certificate via text.
- After uploading the certificate or adding the text, check its validity.
- Option A: Update the Certificate Only
- Option B: Upload the XML file - Under Define from Metadata, upload the XML file with your updated certificate. Make sure it had all the attributes as previous except the certificate to be in the valid date.
Should you wish to proceed with the first one by adding a new certificate instead, please see this helpful KBA - 3223373 - Automatically select second signing certificate where the following is stated: The certificate marked as default is your main certificate. When it's time to rotate the certificates we recommend you to add a second certificate. When the default certificate expires, and you have a new one, you can safely remove the old one and mark the new certificate as default.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article