Running Policy Server, how to upgrade the certificate in the Legacy Federation?

At the moment, the Legacy Federation signs the assertion using the defaultenterpriseprivatekey.

How to change it to use the new certificate myNewAlias?

Some documents explain how to set the certificate and key, as well as do some verification about the Certificate that will be set (1)(2).

These are mainly related to the document section for Legacy Federation Signature configuration from the SiteMinder documentation (3).

To validate that the new certificate is in use after the changes, set the Policy Server Profiler with the component:

  JavaAPI, Fed_Server

As transaction often includes multiple components, the best way to troubleshoot or validate that a configuration works as expected is to set temporarily the full Profiler configuration, to miss nothing.

Here's the template with full components and full data:

smtracedefault.txt:

components: AgentFunc, Server, IsProtected, Login_Logout, IsAuthorized, Tunnel_Service, JavaAPI, Directory_Access, ODBC, LDAP, IdentityMinder, TXM, Fed_Server, Srca
data: Date, PreciseTime, Time, Pid, Tid, SrcFile, Function, TransactionID, AgentName, Resource, User, Group, Realm, Domain, Directory, Policy, AgentType, Rule, ErrorValue, ReturnValue, ErrorString, IPAddr, IPPort, Result, Returns, CallDetail, Data, Message, ObjectClass, DomainOID, SearchKey, ObjectOID, Property, AuthStatus, AuthReason, AuthScheme, CertSerial, SubjectDN, IssuerDN, SessionSpec, SessionID, CertDistPt, UserDN, Action, RealmOID, State, ClusterID, HandleCount, FreeHandleCount, BusyHandleCount, ResponseTime, Throughput, MaxThroughput, MinThroughput, Threshold, TransactionName, HexadecimalData, Query, ActiveExpr, RequestIPAddr, Expression, CacheHits, CacheSize, RefCount, ExecutionTime, Tenant
version: 1.1

(1)

    How to: configure the Signing option in Legacy Federation
    

(2)

    Assertion signature verification fails in Legacy Federation
    

(3)

    Validate Signed Requests and Responses