How to renew/upgrade SP certificate in the SAML SSO plugin with Shibboleth as IDP?

483 views December 21, 2021 December 23, 2021 sohamj 1

If you encounter this issue in the plugin window, you will need to renew or upgrade your certificate in order to continue SSO between your WordPress site and your IDP.

Pre-requisites:

  1. The latest version of the WordPress SAML SSO Plugin with the latest certificates. [How to get the latest version of the plugin?]
  2. The Sign SSO & SLO Requests option enabled under the Service Provider Setup tab in the plugin. [What does sign SSO & SLO Requests mean?]

Note: If you are not using the Sign SSO & SLO Requests option and your IDP is not sending encrypted assertions, you can simply follow the steps from step 8.

To upgrade the certificate, follow the steps below:

  1. Navigate to the Manage Certificate tab in the plugin.
  2. Click on the Download Metadata button to download the metadata, and keep it handy as you will need it later.
  3. In conf/service.xml, check the file name in the node for MetadataResolverResources. This is where the SP metadata details are stored. For example, the filename may be metadata-providers-system.xml.
  4. Go to conf/[filename].xml and check how the metadata has been configured. For example, the metadata may have been added as a file, with the path specified in the MetadataProvider node (mo-saml-sp-metadata).
  5. If the SP metadata has been configured by uploading the metadata file, download the latest file from the miniOrange default certificate Configuration and replace the content of the file in Shibboleth with the new content.
  6. OR

  7. If the SP metadata has been configured by manual configuration, download the metadata file from the Service Provider Metadata tab, copy the metadata and paste it into the metadata file.
  8. After updating the metadata, restart your Shibboleth server to apply the change.
  9. Navigate back to Manage Certificates and click on Test connection to check that the uploaded certificate is working properly.
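
A check that can be run before restarting Shibboleth, as an added example that is not part of the original article or of the plugin: it compares SHA-256 fingerprints of the certificates in the metadata downloaded from the plugin with those in the metadata file the IDP loads. The function names, the entity ID and the sample metadata are constructed for illustration; the "certificates" in the sample are placeholder bytes.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def cert_fingerprints(metadata_xml):
    """Return {(use, sha256-of-DER)} for every certificate in SAML metadata."""
    found = set()
    for kd in ET.fromstring(metadata_xml).iter(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        uses = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
        for node in kd.iter(f"{{{DS}}}X509Certificate"):
            # The base64 is often wrapped across lines; drop all whitespace.
            der = base64.b64decode("".join((node.text or "").split()))
            found.update((use, hashlib.sha256(der).hexdigest()) for use in uses)
    return found

def compare(plugin_xml, idp_xml):
    """Diff the plugin's current metadata against the copy the IDP loads."""
    new, loaded = cert_fingerprints(plugin_xml), cert_fingerprints(idp_xml)
    return {"missing_on_idp": sorted(new - loaded),
            "stale_on_idp": sorted(loaded - new)}

def sample_metadata(keys):
    """Constructed test metadata; the 'certificates' are placeholder bytes."""
    body = ""
    for use, raw in keys:
        attr = f' use="{use}"' if use else ""
        b64 = base64.b64encode(raw).decode()
        body += (f"<md:KeyDescriptor{attr}><ds:KeyInfo><ds:X509Data>"
                 f"<ds:X509Certificate>\n  {b64}\n</ds:X509Certificate>"
                 f"</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")
    return (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" '
            f'entityID="https://wp.example.test/sp"><md:SPSSODescriptor '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f"{body}</md:SPSSODescriptor></md:EntityDescriptor>")

OLD = sample_metadata([("signing", b"old-cert"), ("encryption", b"old-cert")])
NEW = sample_metadata([(None, b"new-cert")])

if __name__ == "__main__":
    # In practice, read the plugin download and the file named in MetadataProvider.
    print(compare(NEW, OLD))   # IDP copy still carries the old certificate
    print(compare(NEW, NEW))   # after step 5 or 7: nothing missing, nothing stale
```

Both lists should be empty once the IDP's copy has been replaced; an entry under `stale_on_idp` means Shibboleth would still validate signed requests against the old certificate.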

If you are facing any issues, please contact us at samlsupport@xecurify.com