You may need to update the PingOne for Enterprise universal certificate if you're using PingFederate, Microsoft Active Directory Federation Service (AD FS), or a custom SAML provider as your identity bridge.
In this case, it is imperative that you update the certificate if your configuration requires either:
- Signed AuthN requests.
- SAML single logout (SLO), either IdP-initiated or SP-initiated.
You do not need to update the PingOne universal certificate if you're using an identity repository other than PingFederate, Microsoft AD FS, or a custom SAML provider.
Check the Dashboard in the PingOne for Enterprise admin portal to see whether a certificate is due to expire. For more information, see Certificate alerts.
PingOne for Enterprise will also send you an email notifying you when the universal certificate is nearing expiration.
If you use Microsoft AD FS or a custom SAML provider as your identity repository, you will need to check your configuration.
If the identity repository is configured to use either SLO (IdP-initiated or SP-initiated) or signed AuthN requests, you will need to update the PingOne universal certificate.
- Log in to the PingFederate Bridge console.
- On the left navigation menu, click Identity Provider.
- Click to show the connection summary.
- In the summary under Browser SSO, check the IdP-Initiated SLO and SP-Initiated SLO settings.
  If either setting is True, you will need to update the PingOne universal certificate.
- Scroll down toward the bottom of the summary to Protocol Settings. Check the setting for Require digitally signed AuthN requests.
  If this setting is True, you will need to update the PingOne universal certificate.
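
For Microsoft AD FS or a custom SAML provider, the same two settings (signed AuthN requests and SLO) can usually be read from the provider's exported SAML metadata. The following is an added example, not Ping Identity's code: it assumes you have exported the IdP metadata XML yourself, it treats any published `SingleLogoutService` endpoint as SLO being in use, and the sample metadata and the `check_idp_metadata` name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample: metadata exported from a hypothetical IdP (not real data).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/slo"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def xs_bool(value):
    """Interpret an xs:boolean attribute; an absent attribute means false."""
    return value is not None and value.strip() in ("true", "1")


def check_idp_metadata(xml_text):
    """Report which settings make the universal certificate update necessary.

    Assumption: xml_text is metadata you exported from your own IdP. Do not
    feed untrusted XML to ElementTree; use a hardened parser for that.
    """
    root = ET.fromstring(xml_text)
    # iter() finds the descriptor whether or not it is wrapped in EntitiesDescriptor.
    idps = list(root.iter(f"{{{MD}}}IDPSSODescriptor"))
    if not idps:
        raise ValueError("no IDPSSODescriptor found in metadata")
    signed = any(xs_bool(d.get("WantAuthnRequestsSigned")) for d in idps)
    slo = [e.get("Location") for d in idps
           for e in d.findall("md:SingleLogoutService", NS)]
    return {
        "signed_authn_requests": signed,
        "slo_endpoints": slo,
        "update_required": signed or bool(slo),
    }


if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA))
```

Metadata only shows what the provider advertises, so confirm the result against the connection settings in the provider's own console before deciding not to update.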