Updating an SSO Certificate

book

Article ID: 16220

calendar_today

Updated On:

Products

CA Agile Central SaaS (Rally)

Issue/Introduction

Is there a required process to add or update an SSO certificate? 

Environment

Release:
Component: ACSAAS

Resolution

When updating an expiring SSO certificate, or adding a new secondary certificate, the customer MUST open a support case at https://casupport.broadcom.com

 

The customer needs to send the certificate in one of the following formats: .txt, .crt, .cert, or .html, or send a complete metadata file in an .xml format, which includes the new certificate.



For more information please refer to the SSO setup in the Agile Central help pages.  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/agile-development-and-management/rally-platform-ca-agile-central/rally/getting-started-top/administrators-how-set-rally/technical-overview-implementing-single-sign-on.html



 



 

Additional Information

The PingFederate server used by Broadcom where connections are configured can have up to 2 certificates in use at any one time.  Either of these (primary or secondary) certificates can be utilized depending on the certificate being sent in the SAML response form the customer.  In most cases new certificates are imported as the secondary certificate.  When and if the primary certificate expires the secondary certificate will then automatically be used and validated against beyond the expiration of the primary certificate.  The validation process is seamless and it is unnecessary to remove or inactivate an expiring certificate as long as its replacement is configured as a secondary.