We have an F5 setup in place, where an external portal (VMware) connects the users through F5 via SAML SSO.
The F5 is acting as SAML SP, so it receives a SAML token and authenticates the user via SSO to the service that he clicked on in the VMware portal.
Initially, one step of setting this up was to create an SP under "Access ›› Federation : SAML Service Provider : Local SP Services" for each service. Under security settings, I checked the "Sign Authentication Request" and used the certificate and key of this service. Then I exported the metadata, which was imported on the other side, so that SAML is spoken properly between F5 and VMware.
Now we need to replace the certificates of the services.
My question is now: If I replace the certificate in the SSL profile, I need to replace it in the Security Settings too. If I do so, do I need to export the metadata file again and import it on the VMware side, or is this step not necessary?
Hello, in my experience, when making changes like this to an existing SAML configuration, it's best to export/import metadata again to avoid any mistakes and make the process easier. You can make these changes manually, but there is more room for error that way.
If you mean replace the certificate in, say, the client SSL profile, no, you should not need to change this.