Notification email is sent to all Tenant Administrators about SAML certificate expiration for Organizations where SAML is not configured



Article ID: 396804


Products

VMware Cloud Director

Issue/Introduction

  • The following notification email is sent to all Tenant Administrators:

    The signing federation certificate expiration for organization System at example.com is dd/mm/yyyy TIME. An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the SAML Configuration page.

  • SAML is not configured on any of the affected Organizations.
  • The Certificate Library of each affected Organization contains the expired SAML certificate, and it cannot be deleted because it is still consumed by the Organization.

Environment

VMware Cloud Director 10.6.1

Cause

The SAML certificate for an Organization is generated automatically when the Organization is created.
By design, the SAML certificate is not renewed automatically, and it remains in the Certificate Library of the Organization even when SAML is not configured.

Resolution

The only way to stop receiving the email notification about this expired certificate is to regenerate the SAML certificate on every affected Organization and then delete the expired SAML certificate from the Certificate Library of that Organization.

To regenerate the SAML certificate:

  1. In the Provider UI select the Organization which has the expired SAML certificate and click the link to open the Tenant UI.
  2. On the Tenant UI for the Organization from the primary left navigation panel, select Administration.
  3. Under Identity providers, click on SAML.
  4. On this configuration page, click on REGENERATE CERTIFICATE.

If you have a significant number of Organizations requiring SAML certificate regeneration, manual execution can be time-consuming. In such cases, you can use the attached Python script to automate the certificate regeneration process via the VMware Cloud Director API.

Note: This script can be executed from either Windows or Linux machines that have network access to the VCD portal, but it must not be run directly on the VCD cells. The installation and configuration of Python and its associated modules on a separate system are outside the scope of Broadcom support. You need to ensure that your environment is set up to run Python scripts that can interact with the VCD API.
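Before regenerating certificates in bulk it is useful to know which Organizations are actually affected, and to separate Organizations where SAML is not configured (safe to regenerate unattended) from Organizations where federation is enabled (regenerating the signing certificate there changes the service-provider metadata the identity provider trusts, so it needs to be coordinated with the IdP administrator). The following Python example is added here to show that triage; it is not the attached regenerate-and-delete-expired-certs.py script and not Broadcom code. It assumes that each Organization's federation settings are fetched from the legacy API endpoint /api/admin/org/{id}/settings/federation as an OrgFederationSettings XML document with <Enabled> and <CertificateExpiration> elements; those endpoint and element names are assumptions, not confirmed by this article, and the sample responses embedded below are constructed for illustration.

```python
"""Triage Organizations by SAML signing-certificate expiry.

Added example for this KB article (not the attached script, not Broadcom
code). Assumed, not confirmed by the article: federation settings come from
GET /api/admin/org/{id}/settings/federation as OrgFederationSettings XML
with <Enabled> and <CertificateExpiration> children.
"""
import urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

VCLOUD_NS = "{http://www.vmware.com/vcloud/v1.5}"

# Constructed sample responses, keyed by Organization name.
SAMPLE_FEDERATION_SETTINGS = {
    "acme": """<OrgFederationSettings xmlns="http://www.vmware.com/vcloud/v1.5">
  <Enabled>false</Enabled>
  <CertificateExpiration>2025-03-01T00:00:00.000Z</CertificateExpiration>
</OrgFederationSettings>""",
    "globex": """<OrgFederationSettings xmlns="http://www.vmware.com/vcloud/v1.5">
  <Enabled>true</Enabled>
  <CertificateExpiration>2025-02-20T00:00:00.000Z</CertificateExpiration>
</OrgFederationSettings>""",
    "initech": """<OrgFederationSettings xmlns="http://www.vmware.com/vcloud/v1.5">
  <Enabled>false</Enabled>
  <CertificateExpiration>2026-01-01T00:00:00Z</CertificateExpiration>
</OrgFederationSettings>""",
    "hooli": """<OrgFederationSettings xmlns="http://www.vmware.com/vcloud/v1.5">
  <Enabled>false</Enabled>
  <CertificateExpiration>2025-01-01T00:00:00.000Z</CertificateExpiration>
</OrgFederationSettings>""",
}
# Constructed "current time" so the sample run is reproducible.
SAMPLE_NOW = datetime(2025, 2, 15, tzinfo=timezone.utc)


def parse_vcd_timestamp(text):
    """Parse the UTC timestamp format used in the sample XML (with or
    without fractional seconds) into an aware datetime."""
    text = text.strip()
    if text.endswith("Z"):
        text = text[:-1]
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f", "%Y-%m-%dT%H:%M:%S"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised timestamp: %r" % text)


def parse_federation(xml_text):
    """Return (saml_enabled, certificate_expiry) from one settings document."""
    root = ET.fromstring(xml_text)
    enabled = (root.findtext(VCLOUD_NS + "Enabled") or "false").strip().lower() == "true"
    expiry = parse_vcd_timestamp(root.findtext(VCLOUD_NS + "CertificateExpiration"))
    return enabled, expiry


def orgs_needing_regeneration(settings_by_org, now, warn_days=30):
    """List Organizations whose certificate expires within warn_days (or has
    already expired; days_left is then negative), soonest first. The
    saml_enabled flag tells the operator which ones need IdP coordination."""
    rows = []
    for org, xml_text in settings_by_org.items():
        enabled, expiry = parse_federation(xml_text)
        days_left = (expiry - now).days
        if days_left <= warn_days:
            rows.append({"org": org, "days_left": days_left, "saml_enabled": enabled})
    return sorted(rows, key=lambda r: r["days_left"])


def fetch_federation_settings(base_url, org_id, bearer_token, api_version="38.0"):
    """Assumed wiring for a live run: GET the settings document over HTTPS.
    Endpoint path and media type are assumptions, not taken from the article."""
    req = urllib.request.Request(
        "%s/api/admin/org/%s/settings/federation" % (base_url.rstrip("/"), org_id),
        headers={
            "Accept": "application/*+xml;version=%s" % api_version,
            "Authorization": "Bearer %s" % bearer_token,
        },
    )
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for row in orgs_needing_regeneration(SAMPLE_FEDERATION_SETTINGS, SAMPLE_NOW):
        action = "coordinate with IdP" if row["saml_enabled"] else "regenerate unattended"
        print("%-8s days_left=%4d  %s" % (row["org"], row["days_left"], action))
```

Run the block as-is to see the triage over the constructed sample; for a live inventory, replace the sample dictionary with documents returned by fetch_federation_settings for each Organization, after confirming the endpoint and element names against the API documentation for your VCD version.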

To delete the expired SAML certificate from the Certificate Library:

  1. In the Provider UI select the Organization which has the expired SAML certificate and click the link to open the tenant UI.
  2. On the Tenant UI for the Organization from the primary left navigation panel, select Administration.
  3. Under Certificate Management select Certificates Library.
  4. From the Certificate Library locate the expired Certificate (it should have a value of '0' for Consumers after regenerating it as per steps above) and delete it.

Attachments

regenerate-and-delete-expired-certs.py