Change SSL certificate for Service with SAML

Question

Hi,&nbsp;we have an F5 setup in place, where an external portal (VMware) connects the users through F5 via SAML SSO.The F5 is acting as SAML SP, so it receives a SAML token and authenticates the user via SSO to the service that he clicked on in the VMware portal.&nbsp;Initially, one step of setting up this was to create a SP under "Access&nbsp;››&nbsp;Federation : SAML Service Provider : Local SP Services" for each service. Under security settings, I checked the "Sign Authentication Request" and used the certificate and key of this service. Then I exported the metadata, which was imported on the other side, so that SAML is spoken properly between F5 and VMware.&nbsp;Now we need to replace the certificates of the services. My question is now: If I replace the certificate in the SSL-profile, I need to replace it in the Security Settings too. If I do so, do I need to export the Metadata file again, and import it on VMware side, or is this step not not necessary?

dave_w · Answer

Hello, in my experience when making changes like this to and existing SAML configuration it's best to export/import metadata again to avoid any mistakes and make the process easier. You can make these changes manually, but there is more room for error that way.

If you mean replace the certificate in say the client ssl profile, no you should not need to changes this.

Forum Discussion

Change SSL certificate for Service with SAML

1 Reply

Recent Discussions

About IPI check ip list

Cookie Violation - Expired TimeStamp.

About custome Response Blocking Page

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

CGNAT with DS-lite and LSN

Related Content

Re: Management Certificate

Per-app failover for Kubernetes-based services using F5 Distributed Cloud Services

My Security+ Certification Journey

Certifications for security professionals

Service discovery and registration with BIG-IP