Error: "An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the SAML Configuration page.” warning about federation certificate expiration in Cloud Director
search cancel

Error: "An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the SAML Configuration page.” warning about federation certificate expiration in Cloud Director

book

Article ID: 325512

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • Federation certificate expiration notification emails are sent by Cloud Director to administrators similar to the following:
The encryption federation certificate expiration for organization <org_name> at <vcd_fqdn> is XX/XX/2023 X:XX:XX PM.
An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the SAML Configuration page.
  • Option to regenerate SAML certificate is not available in the Cloud Director UI as no SAML configuration exists in the Tenant Organization.


Environment

VMware Cloud Director 10.4

Cause

This is a known issue affecting VMware Cloud Director 10.4.

Resolution

The issue is resolved in VMware Cloud Director 10.4.1, available at VMware By Broadcom Downloads.

Workaround:
To workaround the issue in Cloud Director 10.4 without upgrading the Cloud Director API can be used to perform the regeneration of the Federation Certificate for SAML.

Use the Cloud Director API POST /admin/org/{id}/settings/federation/action/regenerateFederationCertificate to regenerate federation certificate for the Tenant to remove the warning about Federation certificate expiration.
Details of this API method are available in the VMware Cloud Director API documentation.

For more information on logging into the Cloud Director API and making requests see the KB article on How to establish an API connection VMware Cloud Director (56948).