
Clarity - Replace/Update a SAML Certificate


Article ID: 253316


Products

Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

Can we have multiple certificates set up for the IDP in Clarity SAML configuration?

We are going to renew the IDP cert and this will require a change in the IDP cert in the Clarity PPM SAML configuration. We would like to avoid downtime for this change. What is the best way to do this?

Environment

Release: Any

Resolution

Only replacing the certificate:

If only the certificate is changing:

  1. Upload the new certificate and check its ID in the CMN_SEC_CERTS table.
  2. Update CERT_ID in the CMN_SAML_CONFIGS table to point to this exact certificate.
  3. Clear the application cache in security.caches and test.
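
The certificate-only steps above expressed as SQL, as an added example that is not part of the original article or the vendor's own script. It assumes both tables have an `ID` primary-key column; `:new_cert_id`, `:old_cert_id` and `:saml_config_id` are placeholders to substitute with the values your own queries return.

```sql
-- Added example. Assumptions: CMN_SEC_CERTS and CMN_SAML_CONFIGS each have
-- an ID primary key; CERT_ID is the column named in step 2 of the article.
-- :new_cert_id, :old_cert_id, :saml_config_id are placeholders.

-- Step 1: list the uploaded certificates and note the ID of the new one.
SELECT * FROM CMN_SEC_CERTS ORDER BY ID;

-- Before changing anything, record which certificate each SAML
-- configuration currently uses so the change can be reverted.
SELECT ID, CERT_ID FROM CMN_SAML_CONFIGS;

-- Step 2: point one SAML configuration at the new certificate.
-- The EXISTS guard makes the update a no-op if the ID was mistyped,
-- instead of leaving the configuration referencing a missing certificate.
UPDATE CMN_SAML_CONFIGS
   SET CERT_ID = :new_cert_id
 WHERE ID = :saml_config_id
   AND EXISTS (SELECT 1 FROM CMN_SEC_CERTS c WHERE c.ID = :new_cert_id);

-- Verify the row before committing: CERT_ID should equal :new_cert_id.
SELECT ID, CERT_ID FROM CMN_SAML_CONFIGS WHERE ID = :saml_config_id;

COMMIT;

-- Step 3 (clearing the cache in security.caches) is done in the
-- application, not in SQL.

-- Revert, if the login test fails after the cache is cleared:
-- UPDATE CMN_SAML_CONFIGS SET CERT_ID = :old_cert_id WHERE ID = :saml_config_id;
-- COMMIT;
```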

If this does not work:

Add a separate SAML Configs entry:

  1. When you upload the second entry, make sure to set it to not Active and not Default. This has to be done from the UI. Note that there is a unique index on Entity ID, so make the new entry's Entity ID slightly different initially.
  2. Then test to make sure the existing connection is still connecting correctly.
  3. When you want to enable the second entry, first disable the first entry from being Active, and modify its Entity ID to something else.
  4. Set the second entry to the correct Entity ID and then set it to Active and Default.
  5. Flush the application caches.
  6. We also recommend deleting the entry you no longer need once you confirm the new one is working.