Certificate

How to renew/upgrade SP certificate in the SAML SSO plugin with KeyCloak as IDP?

1624 views December 21, 2021 December 23, 2021 akshayp 2

If you encounter this warning in the plugin window, you will need to renew or upgrade your certificate in order to continue uninterrupted SSO between your WordPress site and your IDP.

Warning-mssg

Pre-requisites:

  1. The latest version of the WordPress SAML SSO Plugin with the latest certificates.[How to get the latest version of the plugin?]
  2. Enable Sign SSO & SLO Requests option under the Service Provider Setup tab in the plugin.[What does sign SSO and SLO requests mean?]

Note:

  • If you are not using the sign SSO and SLO Requests option, and if your IDP is not sending encrypted assertions, then you can simply follow the steps from step 10
  • If you are using the sign SSO and SLO Requests option, and if your IDP is sending encrypted assertions,
    i.e In KeyCloak if the Encrypt Assertions and Client Signature Required fields are ON.

Encrypt-Assertions

Then you can simply follow the steps below to upgrade the certificate:

  1. Navigate to the Manage Certificate tab in the plugin.
  2. Click on the Download Certificate button to download the new plugin certificate and keep it handy as you will need it further.
  3. Navigate to the KeyCloak Admin console.
  4. Proceed to the Client section in the left pane, inside that select your Keycloak application created for WordPress.
  5. Under the Keys tab, you will have to upload the certificate for Signing Key as well as certificate for Encryption Key.
  6. Click on Import, you will be presented with a screen to Import SAML Key.
  7. Import

  8. In the Achieve Format dropdown, select Certificate PEM option.
  9. Select the certificate file and import the certificate.
  10. Import SAML Key

  11. Now import the certificate for the Encryption key following the same steps.
  12. Navigate back to the plugin and in the Manage Certificate tab, click on the Test Connection button.
  13. If your Test Connection is successful, click on the Apply Certificate button to apply the latest certificate in the plugin.
  14. Apply certificate

  15. You will be prompted with the dialog box of Are you sure you want to upgrade? Click on the Confirm Upgrade button.
  16. You have successfully upgraded the certificate.

If you are still facing any issues then feel free to reach us at samlsupport@xecurify.com.

Was this helpful?