Refreshing or renewing SAML2 certificates
After a system that authenticates with SSO via SAML2 has been operational for a while, it may become necessary to refresh the partner's certificate because it is expiring, preferably before the old certificate expires. This article contains an overview of the steps that are required to update the Ideagen Internal Audit (Aura) configuration.
Note that, as each Ideagen Internal Audit (Aura) application supports only a single certificate, this will require a short period of downtime.
Updating the certificate
Backup
- Obtain the new certificate from the IdP administrator
- Back up the existing SAML2Provider.cer files, at:
  - SamlMvc\Certificates
  - WebUI\Certificates
Update the SAML2Provider certificates
Note – if the IdP server administrator has provided a certificate with a different name it will be necessary to rename the file to SAML2Provider.cer.
- Replace the file SAML2Provider.cer at:
  - SAML2Mvc\Certificates
  - WebUI\Certificates
Restart the applications
Restart the PentanaService and PentanaWebService application pools.
Supply the new certificates to the other party if required
If the other party requires our metadata, it can be downloaded from:
https://server.domain.com/PentanaUAT/WebUI/samlmetadata.aspx
https://server.domain.com/PentanaUAT/samlmvc/sso/metadata
https://server.domain.com/PentanaPRD/WebUI/samlmetadata.aspx
https://server.domain.com/PentanaPRD/samlmvc/sso/metadata
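The backup, replace and restart steps above, carried out as one script with a sanity check on the new certificate first. This is an added example, not a script shipped with Ideagen Internal Audit (Aura); the installation root and the path of the new .cer file are placeholders, the Certificates directory names and application pool names are those given in this article, and it assumes the IIS WebAdministration module is available on the server.

```powershell
# Added example: rotate the IdP signing certificate used by Aura (not part of the original article).
param(
    [string]$AppRoot    = 'C:\inetpub\Pentana',      # placeholder: root of the Aura installation
    [string]$NewCerPath = 'C:\temp\idp-new.cer',     # placeholder: certificate supplied by the IdP administrator
    [string[]]$AppPools = @('PentanaService', 'PentanaWebService')  # app pool names from the article
)

$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# Directories that hold SAML2Provider.cer (names as given in the article; adjust to match the server).
$certDirs = @("$AppRoot\SamlMvc\Certificates", "$AppRoot\WebUI\Certificates")
$x509 = 'System.Security.Cryptography.X509Certificates.X509Certificate2'

# 1. Inspect the new certificate before touching anything: it must be valid for a reasonable period
#    and must be a public certificate only (the IdP's signing key never leaves the IdP).
$new = New-Object $x509 $NewCerPath
if ($new.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "New certificate expires on $($new.NotAfter); ask the IdP administrator for a current one."
}
if ($new.HasPrivateKey) { throw 'Expected a public certificate only, but the file contains a private key.' }
Write-Host "New IdP certificate: $($new.Subject), thumbprint $($new.Thumbprint), valid until $($new.NotAfter)"

# 2. Back up and replace SAML2Provider.cer in each location.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($dir in $certDirs) {
    $target = Join-Path $dir 'SAML2Provider.cer'
    if (Test-Path $target) {
        $old = New-Object $x509 $target
        Write-Host "Replacing certificate in $dir (old thumbprint $($old.Thumbprint), expiry $($old.NotAfter))"
        Copy-Item $target "$target.$stamp.bak"
    }
    # The file must be named SAML2Provider.cer whatever name the IdP administrator used.
    Copy-Item $NewCerPath $target -Force
}

# 3. Restart the application pools so the new certificate is loaded.
foreach ($pool in $AppPools) {
    Restart-WebAppPool -Name $pool
}

# 4. Confirm each location now holds the expected certificate.
foreach ($dir in $certDirs) {
    $deployed = New-Object $x509 (Join-Path $dir 'SAML2Provider.cer')
    if ($deployed.Thumbprint -ne $new.Thumbprint) { throw "Thumbprint mismatch in $dir" }
}
Write-Host 'Certificate rotation complete.'
```

Run it in an elevated PowerShell session during the planned downtime window; the thumbprint printed in step 1 can be compared with the one shown in the IdP administrator's metadata before the replacement is made.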
Note: error on expiration of the partner certificate
When a partner's certificate has expired the user will see the following error in the Ideagen Internal Audit (Aura) login dialog box:
ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML assertion signature failed to verify.