SAML External IDP key roll-over

Question

Hi,&nbsp;
One of our external IDP connectors is implementing a new certificate for the Assertion Verification.
They provided new metadata which contains two certificates, the current one and the new future one.&nbsp;
But in the certificate settings I can only select one certificate.
Is there any key roll-over functionality in APM, or do we have to switch the certificate manually when they change it?&nbsp;
Cheers, Jens&nbsp;

youssef1 · Answer

Hi jens,&nbsp;
In your side you have to use only the new one.&nbsp;
The IDP maintain both because it will allow to migrate smoothly. &nbsp;
You can create an bundle in F5, just go to (System  ››  Certificate Management : Traffic Certificate Management : SSL Certificate List), then create a new cert and paste both certificate. call it bundle IDP.&nbsp;
then set this bundle in your External IDP profile.&nbsp;
Hope it's clear. keep me in touch.&nbsp;
Regards&nbsp;

Forum Discussion

SAML External IDP key roll-over

Recent Discussions

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

XC Bot defense question

Related Content

CSV to Address External Datagroup File

Enable SAML Service Provider on F5 Distributed Cloud Application

External Monitor Information and Templates

TACACS+ External Monitor (Python)

snmp-check external monitor

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS