Single Sign On Service Certificate Renewal

From Studentnet Wiki
Revision as of 05:44, 11 August 2021 by Dlim (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Single Sign On Service Certificate Renewal

Example XML File, will be used as reference for instructions

The following are the steps required for Single Sign On Service Certificate Renewal.

  1. Login to Cloudwork Dashboard

  2. Navigate to Single Sign On

  3. On the service list, click on the SSO Service which requires the certificate renewal

  4. Scroll down to SAML Config and Click Edit

  5. Scroll down to Certificates and Click Add Row

  6. Open up the XML file received from the SSO Service which requires the certificate renewal

  7. In the XML file, check the Certificate 1 Usage (found in the first KeyDescriptor Tag)

  8. In the Cloudwork Dashboard in the new row select with the checkbox whether Certificate 1 will be used for Signing or Encryption

  9. In XML file, Copy the Certificate 1 Content that is located in between the X509Certificate Tags (The beginning of the certificate is MIIDSTCCA and the end of the certificate is mAKo=)

  10. In the Cloudwork Dashboard in the row which has the checkbox selected, under Content paste the Certificate 1 Content

  11. In the Cloudwork Dashboard Click Add Row

  12. In the XML file, check the Certificate 2 Usage (found in the second KeyDescriptor Tag)

  13. In the Cloudwork Dashboard in the new row select with the checkbox whether Certificate 2 will be used for Signing or Encryption

  14. In XML file, Copy the Certificate 2 Content that is located in between the X509Certificate Tags (The beginning of the certificate is MIIDSTCCA and the end of the certificate is 3wyacFw==)

  15. In the Cloudwork Dashboard in the row which has the checkbox selected, under Content paste the Certificate 2 Content

  16. Take note which certificates are the new certificate, when the expiry date of the old certificate occurs, the old certificates will need to be removed (older certificates are at the top of Certificates Table)

  17. Click Submit


Notes

  • The same certificate can be used for signing and encryption.
  • Some services only have 1 certificate, in this case, ignore steps 11-15.



Removing Certificate

When the SAML SSO Certificate expiry date occurs, it will be necessary to remove the expired certificate, the steps for removing the expired certificates:

  1. Login to Cloudwork Dashboard

  2. Navigate to Single Sign On

  3. On the service list, click on the SSO Service which had the certificate renewal

  4. Scroll down to SAML Config and Click Edit

  5. Remove each of the expired Certificates by pressing the remove row button
    Example Certificates Table in Cloudwork: Expired Certificates are the first and second row


  6. Click submit