Forums, Documentation & Knowledge Base - ComponentSpace

Updating IdP Certificates


https://componentspace.com/forums/Topic11991.aspx

By fabio - 1/14/2022

Hi!

We implemented our SP using your libraries.
A client of ours, that uses ADFS as IdP, now wants to update his own certificates. So he's going to send us his new FederationMetadata.xml containing the new Base64 certificate string.

To import that file into our system and configuration, we want to use the same method we use when we configure a brand new client:
MetadataImporter.ImportIdentityProviders

But testing this method I saw that if a configuration for a Partner is already present no updates happen. I mean, no certificate is updated or appended to the certificates list (for the rollover).

How can we achieve this?

Thank you,
Fabio

By ComponentSpace - 1/19/2022

Thank you for sending these files.

The saml.config files match exactly what I would expect given the corresponding SAML metadata.

The updated metadata is the same as the original except for the inclusion of the second signing certificate.

The updated saml.config is the same as the original except for the inclusion of the second signing certificate.

Everything looks to be working as expected.

As I’ve mentioned, MetadataImporter.ImportIdentityProviders is a replacement rather than a merge operation.

It removes any current configuration for the partner identity provider before importing it.

MetadataImporter.ImportIdentityProviders produces the same result whether the SAML configuration already has a configuration for the partner identity provider or not.

The reason the updated saml.config includes two signing certificates is that the new SAML metadata includes two signing certificates.
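To make the replacement semantics described in this reply concrete, here is an added example (not ComponentSpace code and not its API) that reads the signing certificates from two constructed FederationMetadata documents and shows which certificate a replacing import would drop compared with a merge; the entityID and base64 certificate strings are placeholders, not real X.509 data.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders standing in for the IdP's base64 DER certificates (not real X.509).
OLD_CERT = base64.b64encode(b"CONSTRUCTED-OLD-SIGNING-CERT").decode()
NEW_CERT = base64.b64encode(b"CONSTRUCTED-NEW-SIGNING-CERT").decode()

def metadata_xml(entity_id, certs):
    """Build a minimal constructed FederationMetadata.xml with one signing KeyDescriptor per cert."""
    keys = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{c}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        for c in certs)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" entityID="{entity_id}">'
            f"<md:IDPSSODescriptor>{keys}</md:IDPSSODescriptor></md:EntityDescriptor>")

def thumbprint(b64_cert):
    """SHA-1 over the DER bytes, the usual identifier for a certificate in SAML configuration."""
    return hashlib.sha1(base64.b64decode(b64_cert)).hexdigest().upper()

def signing_certs(metadata):
    """Return {thumbprint: base64} for each signing certificate in the IdP metadata.
    A KeyDescriptor without a 'use' attribute is valid for signing as well as encryption."""
    found = {}
    for kd in ET.fromstring(metadata).iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join(cert.text.split())  # metadata usually wraps the base64 over several lines
            found[thumbprint(b64)] = b64
    return found

def plan_rollover(current_metadata, updated_metadata):
    """Contrast a replacing import (the importer's behaviour) with a merge that keeps the old cert."""
    current, updated = signing_certs(current_metadata), signing_certs(updated_metadata)
    return {"replace": sorted(updated),
            "merge": sorted(set(current) | set(updated)),
            "dropped_by_replace": sorted(set(current) - set(updated))}

IDP = "http://adfs.example.test/adfs/services/trust"   # constructed entityID
CURRENT_METADATA = metadata_xml(IDP, [OLD_CERT])            # what was imported originally
UPDATED_METADATA = metadata_xml(IDP, [OLD_CERT, NEW_CERT])  # the thread's case: both certs published
NEW_ONLY_METADATA = metadata_xml(IDP, [NEW_CERT])           # variant: IdP publishes only the new cert
```

With the thread's metadata, which lists both certificates, `plan_rollover(CURRENT_METADATA, UPDATED_METADATA)` reports nothing dropped and replace equals merge; the old certificate only disappears when the IdP publishes metadata carrying the new certificate alone, which is the case to check before a replacing import during a rollover.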