Recreating SAML signing keys

Recreating SAML signing keys might be required, for example, when the keys are about to expire or when the keys need to be rotated according to the consumer's security policy. Whenever you recreate the signing keys, you must also update the service provider configuration in the identity provider as soon as possible to ensure uninterrupted operations.

  1. Go to Grid Management Pages > Security > SAML.
  2. Click Service Provider.
  3. In the Signing Certificate section, click Create New Signing Certificate.
  4. Click OK.
    The new certificate should now be listed under Inactive Signing Certificates.
  5. Proceed to updating the service provider metadata in the applicable identity provider as described in Recreating SAML signing keys.
  6. In the Grid Management Pages, locate the new certificate among the Inactive Certificates. Hover over the common name to display a small menu next to it, and click Select Active to set the new certificate as active.
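
Before step 6, it is worth confirming that the identity provider's copy of the service provider metadata already contains the new signing certificate. The following is an added example, not part of the product or its documentation: it compares signing-certificate fingerprints between two SAML metadata documents. It assumes the service provider metadata exported after step 4 lists the new certificate; the metadata, entity ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_fingerprints(metadata_xml):
    """Return SHA-256 fingerprints of every certificate usable for signing."""
    root = ET.fromstring(metadata_xml)  # input: files exported by the admin
    prints = set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' applies to signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return prints

def missing_at_idp(sp_metadata, idp_copy):
    """Signing certs the SP publishes that the IdP's copy does not contain."""
    return signing_fingerprints(sp_metadata) - signing_fingerprints(idp_copy)

def build_metadata(certs):
    """Build constructed SP metadata from (use, raw_bytes) pairs."""
    kds = "".join(
        f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{base64.b64encode(raw).decode()}"
        f"</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        for use, raw in certs)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://sp.example.invalid"><md:SPSSODescriptor '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f"{kds}</md:SPSSODescriptor></md:EntityDescriptor>")

# Constructed placeholder bytes standing in for DER certificates.
OLD, NEW, ENC = b"constructed-old", b"constructed-new", b"constructed-enc"
NEW_FP = hashlib.sha256(NEW).hexdigest()
SP_METADATA = build_metadata([("signing", OLD), ("signing", NEW), ("encryption", ENC)])
IDP_STALE = build_metadata([("signing", OLD)])
IDP_UPDATED = build_metadata([("signing", OLD), ("signing", NEW)])

if __name__ == "__main__":
    for label, copy in (("stale", IDP_STALE), ("updated", IDP_UPDATED)):
        gap = missing_at_idp(SP_METADATA, copy)
        print(label, "-> wait, IdP lacks:" if gap else "-> ok to activate", *gap)
```

An empty result means every signing certificate the service provider publishes is already known to the identity provider, so activating the new certificate should not break signature validation.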