CA Developer Portal: SSO not working after updating our X.509 certificate

book

Article ID: 144618

calendar_today

Updated On:

Products

API MANAGEMENT SAAS CA API Management SaaS CA API Developer Portal

Issue/Introduction

We upload a new certificate (replacing our old one) in our Layer 7 Portal, but the portal seems to have a problem with it. The problem appears to occur when the browser is redirected to the portal after the authentication.  We get an error stating "The specified username or password was invalid."  We followed the steps outlined in the SSO Troubleshooting section of the portal docs recreating both the cert and the SSO connection itself.  Neither of these options worked as no new cert or connection works regardless of what we do.  Our old connection and cert works with no issue even after switching it back. 

Cause

The Authentication container of portal has cached the issuer ID of the old cert, so the new cert in not properly authenticated against. 

Environment

Release : 4.X

Component : API MANAGEMENT SAAS & CA API DEVELOPER PORTAL

Resolution

1. Recreate the SSO connection in portal.

2. Change the issuer ID of the old (original) SSO connection.

3. Make the changes in on the other end for your newly created SSO config to accept the new configuration and cert.

4. Set the new SSO connection as the default. 

5. Restart the authenticator container.

6. Once you confirm it works, delete your old SSO config so it does not cause any confusion or conflicts.