Setting Up and Configuring Certificates when Upgrading SSO

When you upgrade SSO, take the following steps to avoid overwriting your current certificates with the default certificates shipped with the library.

For a non-multitenant setup with one IdP:

  1. Create a folder named samlcerts in WWWROOT/resources/.
  2. Copy the saml.crt and saml.pem files into the samlcerts folder.

For a non-multitenant or a multi-tenant setup with different IdPs:

  1. Create a folder named samlcerts in WWWROOT/resources/.
  2. Create a folder with the same name as the site in WWWROOT/resources/samlcerts/<SITENAME>.
    For the default site, name the folder default. For other sites, give the folder the name of the site as shown on the super admin user interface.
  3. Calculate the SHA-1 hash of the IdP URL using the following command (the URL goes between the quotes):
    #echo -n "" | openssl sha1
    (stdin)= bea10f29becf8acab8d8d6e8b9b7ee52f35ada8a
  4. Use the sha1 value from step 3 to create a new folder in WWWROOT/resources/samlcerts/<SITENAME>.
    For example, for the above case, create the folder: WWWROOT/resources/samlcerts/<SITENAME>/bea10f29becf8acab8d8d6e8b9b7ee52f35ada8a.
  5. Place the saml.pem and saml.crt files into the folder created in step 4.
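
Steps 1 to 5 of the multi-IdP layout as shell functions. This is an added example, not part of the product or its documentation. The function names idp_dir_name and install_idp_certs are hypothetical, and keeping any certificate file already present in the target folder is an assumption of this example.

```shell
#!/bin/sh
# Added example: build WWWROOT/resources/samlcerts/<SITENAME>/<sha1 of IdP URL>/
# and copy saml.crt and saml.pem into it. Helper names are hypothetical.

# Print the SHA-1 hex digest of the IdP URL, hashed without a trailing newline.
# printf '%s' replaces `echo -n`, which is not portable across shells; a stray
# newline in the input yields a different digest and therefore the wrong folder.
idp_dir_name() {
    if command -v openssl >/dev/null 2>&1; then
        # Output is "(stdin)= <hex>" or "SHA1(stdin)= <hex>"; keep the last field.
        printf '%s' "$1" | openssl sha1 | awk '{print $NF}'
    else
        printf '%s' "$1" | sha1sum | awk '{print $1}'
    fi
}

# install_idp_certs WWWROOT SITENAME IDP_URL SRC_DIR
# Prints the destination folder on success; returns non-zero on bad input.
install_idp_certs() {
    wwwroot=$1 site=$2 idp_url=$3 src=$4
    # An empty URL would hash to a valid-looking but wrong folder name.
    [ -n "$idp_url" ] || { echo "IdP URL is empty" >&2; return 1; }
    for f in saml.crt saml.pem; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    dest="$wwwroot/resources/samlcerts/$site/$(idp_dir_name "$idp_url")"
    mkdir -p "$dest" || return 1
    for f in saml.crt saml.pem; do
        # Assumption of this example: never replace a file already in place.
        if [ -e "$dest/$f" ]; then
            echo "kept existing $dest/$f" >&2
        else
            # -p preserves the source file's mode and timestamps.
            cp -p "$src/$f" "$dest/$f" || return 1
        fi
    done
    printf '%s\n' "$dest"
}
```

Use default as SITENAME for the default site, as described in step 2.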