Signature certificate change for Affiliate Domain in Legacy Federation


Article ID: 262806




SITEMINDER CA Single Sign On Federation (SiteMinder)



When running Policy Server, how do you upgrade the signing certificate in Legacy Federation?

At the moment, Legacy Federation signs the assertion using the defaultenterpriseprivatekey.

How can it be changed to use the new certificate myNewAlias?




Some documents explain how to set the certificate and key, and how to verify the certificate that will be set (1)(2).

These relate mainly to the Legacy Federation signature configuration section of the SiteMinder documentation (3).

To validate that the new certificate is in use after the changes, enable the following components in the Policy Server Profiler:

  JavaAPI, Fed_Server

Because a transaction often involves multiple components, the best way to troubleshoot or validate that a configuration works as expected is to temporarily enable the full Profiler configuration, so that nothing is missed.

Here is the template with all components and all data fields:


components: AgentFunc, Server, IsProtected, Login_Logout, IsAuthorized, Tunnel_Service, JavaAPI, Directory_Access, ODBC, LDAP, IdentityMinder, TXM, Fed_Server, Srca
data: Date, PreciseTime, Time, Pid, Tid, SrcFile, Function, TransactionID, AgentName, Resource, User, Group, Realm, Domain, Directory, Policy, AgentType, Rule, ErrorValue, ReturnValue, ErrorString, IPAddr, IPPort, Result, Returns, CallDetail, Data, Message, ObjectClass, DomainOID, SearchKey, ObjectOID, Property, AuthStatus, AuthReason, AuthScheme, CertSerial, SubjectDN, IssuerDN, SessionSpec, SessionID, CertDistPt, UserDN, Action, RealmOID, State, ClusterID, HandleCount, FreeHandleCount, BusyHandleCount, ResponseTime, Throughput, MaxThroughput, MinThroughput, Threshold, TransactionName, HexadecimalData, Query, ActiveExpr, RequestIPAddr, Expression, CacheHits, CacheSize, RefCount, ExecutionTime, Tenant
version: 1.1
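
As an added example (not part of the original article or of the SiteMinder documentation), the following Python script parses a Profiler template in the format shown above and reports whether the JavaAPI and Fed_Server components are enabled. The function names and both sample templates are constructed for illustration, and component names are assumed to match exactly as written.

```python
# Added example: check a Policy Server Profiler template for the
# components this article names for validating the signing certificate.
# Function names and sample templates are hypothetical/constructed.

REQUIRED = ("JavaAPI", "Fed_Server")  # components named in the article


def parse_profiler_template(text):
    """Parse 'key: a, b, c' lines into {key: [a, b, c]}."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines
        key, _, value = line.partition(":")
        items = [v.strip() for v in value.split(",") if v.strip()]
        cfg[key.strip().lower()] = items
    return cfg


def missing_components(text, required=REQUIRED):
    """Return the required components absent from the 'components' line."""
    enabled = set(parse_profiler_template(text).get("components", []))
    # Assumption: names are compared exactly (case-sensitive).
    return [name for name in required if name not in enabled]


# Constructed sample: a narrowed template that lacks Fed_Server.
NARROW = """components: AgentFunc, Server, IsProtected, JavaAPI
data: Date, Time, Pid, Tid, Function, Message
version: 1.1
"""

# Constructed sample: only the two components the article asks for.
FEDERATION = """components: JavaAPI, Fed_Server
data: Date, PreciseTime, Pid, Tid, SrcFile, Function, Message
version: 1.1
"""

if __name__ == "__main__":
    for label, sample in (("NARROW", NARROW), ("FEDERATION", FEDERATION)):
        gaps = missing_components(sample)
        status = "ok" if not gaps else "missing: " + ", ".join(gaps)
        print(f"{label}: {status}")
```
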

Additional Information



    1. How to: configure the Signing option in Legacy Federation

    2. Assertion signature verification fails in Legacy Federation

    3. Validate Signed Requests and Responses