"An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the SAML Configuration page." warning about federation certificate expiration in Cloud Director
Article ID: 325512
Updated On:
Products
VMware Cloud Director
Issue/Introduction
Symptoms:
Cloud Director sends administrators federation certificate expiration notification emails similar to the following:
The encryption federation certificate expiration for organization MyExampleOrg at vcloud.example.com is XX/XX/2023 X:XX:XX PM. An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the SAML Configuration page.
The option to regenerate the SAML certificate is not available in the Cloud Director UI because no SAML configuration exists in the Tenant Organization.
Environment
VMware Cloud Director 10.x
Cause
This is a known issue affecting VMware Cloud Director 10.4.
Workaround: To work around the issue in Cloud Director 10.4 without upgrading, the Cloud Director API can be used to regenerate the Federation Certificate for SAML.
Use the Cloud Director API call POST /admin/org/{id}/settings/federation/action/regenerateFederationCertificate to regenerate the federation certificate for the Tenant; this removes the warning about Federation certificate expiration. Details of this API method are available in the VMware Cloud Director API documentation.
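One way to script the call above with the Python standard library. This is an added example, not code from the article or from VMware. It assumes the legacy API is served under /api, that API version 37.0 matches Cloud Director 10.4, that a provider session is opened at /cloudapi/1.0.0/sessions/provider, and that the VCD_* environment variable names (hypothetical) hold the host, a system administrator login and the organization id.

```python
import base64
import os
import re
import ssl
import urllib.request

API_VERSION = "37.0"  # assumption: API version shipped with Cloud Director 10.4
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def org_uuid(org_id: str) -> str:
    """Accept a bare UUID or a urn:vcloud:org:<uuid> URN; return the bare UUID."""
    candidate = org_id.strip().lower().removeprefix("urn:vcloud:org:")
    if not UUID_RE.match(candidate):
        raise ValueError(f"not an organization id: {org_id!r}")
    return candidate


def regenerate_url(host: str, org_id: str) -> str:
    """Build the URL of the regeneration action named in the article."""
    return (f"https://{host}/api/admin/org/{org_uuid(org_id)}"
            "/settings/federation/action/regenerateFederationCertificate")


def login(host: str, user: str, password: str, ctx: ssl.SSLContext) -> str:
    """Open a provider session (user form: name@System); return the bearer token."""
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}/cloudapi/1.0.0/sessions/provider", method="POST",
        headers={"Accept": f"application/json;version={API_VERSION}",
                 "Authorization": f"Basic {basic}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.headers["X-VMWARE-VCLOUD-ACCESS-TOKEN"]


def regenerate(host: str, org_id: str, token: str, ctx: ssl.SSLContext) -> int:
    """POST the action with no body; urlopen raises HTTPError on a non-2xx reply."""
    req = urllib.request.Request(
        regenerate_url(host, org_id), method="POST",
        headers={"Accept": f"application/*+xml;version={API_VERSION}",
                 "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.status


if __name__ == "__main__":
    ctx = ssl.create_default_context()  # keep TLS certificate verification on
    host = os.environ["VCD_HOST"]       # e.g. vcloud.example.com
    token = login(host, os.environ["VCD_USER"], os.environ["VCD_PASSWORD"], ctx)
    print(regenerate(host, os.environ["VCD_ORG_ID"], token, ctx))
```

The organization id is validated before it is placed in the URL, so a malformed value fails locally instead of being sent to the API with administrator credentials.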