I'm assuming this is proper/working as designed:

We have a bunch of trusted SPs defined.

All is working.

We had to renew our wildcard SSL cert. I renewed it, and put it into
the test environment first.

Seems to have broken all the SAML SPs we had defined, and looking at the
metadata file from the NAM IDP (I had an older copy from a few months
ago) vs. now, it's like 60% different (based on a Beyond Compare diff).

The trusted root CA hasn't changed.
But the intermediate CA from the vendor apparently was updated since the
last time we got the wildcard SSL cert.
The actual "server" cert changed (obviously).

But I wasn't quite expecting the metadata file to change, although I
guess in a way it makes sense, since the metadata file has X.509 cert
stuff in it.

How do others handle this? You contact all your IDP/SP partners
ahead of time and let them know that on such and such a date/time their
stuff (and/or your stuff) will break, and email them the updated file and
have them update their info with your metadata.xml file?


kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=49752
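Added example (not from the original post, and not NetIQ code): a small Python script that pulls the ds:X509Certificate blobs out of an old and a new copy of SAML IdP metadata, fingerprints them, and reports which KeyDescriptor slots changed while confirming that entityID and endpoint locations did not. This is the quick check that turns a "60% different" text diff into "only the signing certificate changed". The two metadata documents and the certificate bodies below are constructed stand-ins (the base64 is not a real DER certificate, and idp.example.com is a placeholder), so the fingerprints are only meaningful relative to each other.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# SAML 2.0 metadata and XML-DSig namespaces used in IdP/SP metadata files
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def fingerprint(b64_cert: str) -> str:
    """SHA-256 fingerprint (colon-separated hex) of the DER bytes in a
    ds:X509Certificate element. Metadata exporters often fold the base64
    across lines, so all whitespace is stripped before decoding."""
    der = base64.b64decode("".join(b64_cert.split()))
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def extract_keys(metadata_xml: str) -> dict:
    """Map (role descriptor, key use) -> list of certificate fingerprints.
    A KeyDescriptor without a 'use' attribute is valid for both signing
    and encryption, so it is labelled 'signing+encryption'."""
    root = ET.fromstring(metadata_xml)
    keys = {}
    for role in root.iter():
        tag = role.tag.split("}")[-1]          # strip the namespace prefix
        if not tag.endswith("SSODescriptor"):  # IDPSSODescriptor / SPSSODescriptor
            continue
        for kd in role.findall("md:KeyDescriptor", NS):
            use = kd.get("use", "signing+encryption")
            for cert in kd.findall(".//ds:X509Certificate", NS):
                keys.setdefault((tag, use), []).append(fingerprint(cert.text))
    return keys


def entity_id(metadata_xml: str) -> str:
    return ET.fromstring(metadata_xml).get("entityID")


def endpoints(metadata_xml: str) -> list:
    """Sorted Location attributes of every endpoint element (SSO, SLO, ACS, ...)."""
    root = ET.fromstring(metadata_xml)
    return sorted(el.get("Location") for el in root.iter() if el.get("Location"))


def diff_keys(old_xml: str, new_xml: str) -> list:
    """Return [(slot, old_fingerprints, new_fingerprints)] for every slot that differs."""
    old, new = extract_keys(old_xml), extract_keys(new_xml)
    changes = []
    for slot in sorted(set(old) | set(new)):
        o, n = old.get(slot, []), new.get(slot, [])
        if o != n:
            changes.append((slot, o, n))
    return changes


# --- constructed sample input (not real certificates or real NAM metadata) ---
OLD_CERT_B64 = base64.b64encode(b"constructed DER bytes: OLD wildcard cert, example only").decode()
NEW_CERT_B64 = base64.b64encode(b"constructed DER bytes: RENEWED wildcard cert, example only").decode()


def _metadata(cert_b64: str) -> str:
    # Fold the base64 at 64 columns, the way exporters usually do
    folded = "\n".join(cert_b64[i:i + 64] for i in range(0, len(cert_b64), 64))
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{folded}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


OLD_METADATA = _metadata(OLD_CERT_B64)
NEW_METADATA = _metadata(NEW_CERT_B64)

if __name__ == "__main__":
    print("entityID unchanged:", entity_id(OLD_METADATA) == entity_id(NEW_METADATA))
    print("endpoints unchanged:", endpoints(OLD_METADATA) == endpoints(NEW_METADATA))
    for slot, old_fps, new_fps in diff_keys(OLD_METADATA, NEW_METADATA):
        print(f"{slot[0]} [{slot[1]}] changed:\n  old {old_fps}\n  new {new_fps}")
```

To confirm that the new KeyDescriptor really is the renewed wildcard certificate rather than some other change, compare the reported fingerprint with the DER fingerprint of the PEM you installed (`openssl x509 -in cert.pem -outform DER | openssl dgst -sha256`). Because SPs validate the IdP's assertion signature against the certificate pinned from your metadata, any SP still holding the old metadata will reject assertions the moment the new certificate goes live, which is why partners need the updated file (or the new certificate added alongside the old one, where their product allows it) before the cutover.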