search cancel

SAML certificate update and partnership desactivation in AdminUI

book

Article ID: 229591

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder)

Issue/Introduction

 

When running an AdminUI, should the Parthership be desactivated when a
certificate needs to be updated ?

 

Resolution

 

At first glance, from documentation, the partnership doesn't need to
be desactivated to update the certificate (1).

 

Additional Information

 

(1)

    Modify Certificate Settings for an Active SAML 2.0 Partnership

      For SAML 2.0 Idp-to-SP and SP-to-IdP partnerships, you do not have
      to deactivate the partnership to change the certificate
      settings. You can modify the certificate settings while the
      partnership is active.

      Warning

      We recommend that you modify only one certificate setting at a
      time during non-peak hours to avoid transaction failures. Save the
      changes to a setting before you modify another setting.

      After you save the changes, the next federation transaction uses
      the new certificate configuration values. The run time
      automatically picks up the changes. You do not need to flush the
      cache from the UI for the changes to take effect.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/signature-and-encryption-configuration-for-federated-partnerships/modify-certificate-settings-for-an-active-saml-2-0-partnership.html