
Renewal of SAML 1.1 Signing Certificates

June 13, 2017 August 1, 2018

Signicat renews its SAML signing certificates every second year (years ending with odd numbers). This page describes the impact on Signicat’s Connectors and applications.

Signicat’s Connectors

Customers using older versions of Signicat Connectors will be affected by a renewal of Signicat’s SAML certificates. This applies to the following versions of the Connectors:

  • on Java platform: Java client kit, v. 2.3.2 or lower
  • on .NET platform: Signicat.Basic.Service v.1.11.*.* or lower
  • on .NET platform: Signicat.Basic v.1.0.1.10 or lower

Every time Signicat renews the SAML signing certificates, these customers must replace the old SAML signing certificates with the new ones, or add the new ones to the Connector’s truststore.

Customers using newer Connectors than those mentioned above will not be affected by renewal of the SAML signing certificate.

Signicat authentication using the SAML2 protocol

Customers integrated with the Signicat authentication service using the SAML2 protocol will be affected by a renewal of Signicat’s SAML certificates.

Every time Signicat renews the SAML signing certificates, these customers must renew the SAML2 metadata from Signicat.

Signicat Federation Agent

Customers integrated with the Signicat authentication service using the Signicat Federation Agent may be affected by a renewal of Signicat’s SAML certificates, depending on which version of Federation Agent they are using.

Every time Signicat renews the SAML signing certificates, these customers should add the new SAML signing certificates to the Federation Agent truststore.

Frequently asked questions

Q: What is the “SAML Signing” certificate?

A: The SAML Signing certificate is the certificate used by Signicat for validating SAML responses.

 

Q: I only use Signicat for signature, what do I do?

A: Renewal of the SAML signing certificate does not affect Signicat signing services.

 

Q: I use SAML2, what do I need to do?

A: You need to replace the existing Signicat metadata with new metadata. Contact support@signicat.com to receive new metadata, or update your metadata manually by replacing the certificate in our metadata with the new certificate.

 

Q: What version of the connector do I use?

A: For .NET: Find the signicat.basic.dll and check its properties for the version.

For Java: Locate signicat-client-lib-X.X.X.jar. The version number should be in the file name.

 

Q: I don’t use any of Signicat’s connectors, what do I do?

A: If your integration uses Signicat’s root CA, you don’t need to do anything. If you use the leaf certificate, you should consider adding the root CA, or add the new certificate to your integration manually.
