03-08-2022 05:13 AM
Do we need to re-upload the SP metadata every time we renew the Tomcat certificate? If yes, may I know why we need to do this?
03-08-2022 05:55 AM
You need to update the trust in the IdP when you renew the Tomcat certificate. The reason is to get the new certificate value into the trust on the IdP, as that is used for the communication between the system and the IdP.
03-08-2022 06:39 AM - edited 03-08-2022 06:40 AM
That's correct; as Roger mentioned, you have to. It's mentioned in the SSO deployment Interactions and Restrictions:
Tomcat Certificate Regeneration | If you regenerate the Tomcat Certificates, generate a new metadata file on the Service Provider and upload that metadata file to the IdP. |
Metadata Regeneration | The metadata file regenerates if you perform one of the following:
The CUCM downloads the regenerated metadata file and uploads to the IdP. |
Hope this Helps
Cheers
Rath!
***Please rate helpful posts and if applicable mark "Accept as a Solution"***
03-08-2022 07:25 AM
To add to this, if the IdP managers know what they're doing, they can take the new certificate value and update the current trust in the IdP with that instead of uploading the new SP metadata file. This is commonly what we do once the Tomcat cert has been renewed.
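An added example, not part of the thread or of any vendor tooling: a check of whether the SP metadata held by the IdP still carries the certificate the SP presents now, done by comparing SHA-256 fingerprints of the `X509Certificate` values in the metadata against the renewed certificate. All function names are hypothetical, and the sample bytes are constructed placeholders standing in for DER certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of DER-encoded certificate bytes."""
    return hashlib.sha256(der).hexdigest()

def pem_to_der(pem: str) -> bytes:
    """Strip the BEGIN/END lines of a PEM block and decode the body."""
    lines = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(lines))

def metadata_fingerprints(metadata_xml: str) -> dict:
    """Map each KeyDescriptor 'use' value to the fingerprints of its certificates."""
    found = {}
    for kd in ET.fromstring(metadata_xml).iter(f"{{{MD}}}KeyDescriptor"):
        use = kd.get("use", "unspecified")  # 'use' is optional in SAML metadata
        for node in kd.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join((node.text or "").split()))
            found.setdefault(use, set()).add(fingerprint(der))
    return found

def idp_trust_is_stale(idp_metadata_xml: str, current_cert_pem: str) -> bool:
    """True when the SP's current certificate is absent from the metadata the IdP holds."""
    current = fingerprint(pem_to_der(current_cert_pem))
    known = metadata_fingerprints(idp_metadata_xml)
    return not any(current in fps for fps in known.values())

# --- Constructed sample input (placeholder bytes, not real certificates) ---
def make_pem(der: bytes) -> str:
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

def make_metadata(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    return (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="sp.example.test">'
            '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '</md:SPSSODescriptor></md:EntityDescriptor>')

OLD_DER, NEW_DER = b"constructed-old-tomcat-cert", b"constructed-new-tomcat-cert"

if __name__ == "__main__":
    print("stale after renewal:", idp_trust_is_stale(make_metadata(OLD_DER), make_pem(NEW_DER)))
    print("stale after update: ", idp_trust_is_stale(make_metadata(NEW_DER), make_pem(NEW_DER)))
```

Run against the metadata copy exported from the IdP and the renewed certificate in PEM form; a `True` result means the trust on the IdP still holds the old certificate value.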