Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1202
Views
0
Helpful
1
Replies

CIsco ISE - Error when opening STS SAML Identity provider

G3000LEE
Level 1
Level 1

‎04-26-2021 05:51 AM

Has anyone came across the following error when trying to upload a XML config to the STS profile:

 

‘Signing certificate validation failed, error: The IdP signing certificate expired. Reconfigure SAML Identity Provider with updated metadata’

 

Cisco ISE 2.7

 

Thanks

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎04-27-2021 03:44 PM

This means the metadata XML file contains a field for the signing certificate of your STS SAML IdP and that certificate has expired according to the system time of your ISE deployment. Please check the XML file. Likely you would be able to extract the certificate and verify its expiration date. Check your IdP and renew/update its signing certificate before re-exporting the metadata file.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents