Clarity - Replace/Update a SAML Certificate
search cancel

Clarity - Replace/Update a SAML Certificate


Article ID: 253316


Updated On:


Clarity PPM On Premise Clarity PPM SaaS


Can we have multiple certificates set up for the IDP in Clarity SAML configuration?

We are going to renew the IDP cert and this will require a change in IDP cert in Clarity PPM SAML configuration. We would like to avoid downtime for this change, what is the best way to do this?


Release : Any


Only replacing the Cert:

If only the certificate is changing

  1. Upload the certificate, check the ID in CMN_SEC_CERTS
  2. Update CMN_SAML_CONFIGS table CERT_ID to point to this exact cert
  3. Clear application cache in security.caches and test

If this does not work:

Add a separate SAML Configs entry:

  1. When you upload a second entry make sure to set not Active and not Default. This has to be done from UI. Note we have a unique index on Entity ID so make it slightly different initially
  2. Then try it to make sure the existing connection is still connecting right.
  3. When you want to enable the second entry, disable the first entry from being Active first, and modify the Entity ID to something else
  4. Set the second one to correct Entity ID and then set it to Active and Default
  5. Flush the application caches
  6. Also we recommend deleting the one you no longer need once you confirm it's working.

Additional Information

Note: When copying the certificate, make sure you copy the whole text including the Begin and End statements. Then click Save and Refresh the browser. Restart of services or the server is not required