To manage the SAML Session Provider trust stores in cloud environments

  1. From the Grid Management Pages, open the Management Pages of the SAML Session Provider application.
  2. Select SAML Session Provider Trust Stores.
  3. There are two tables on the page. The first table shows the contents of the signing trust store. The second table shows the contents of the HTTPS trust store. In a cloud environment, the contents cannot be automatically validated.
  4. To import new IdP signing certificates:
    1. Click the link Import New IdP Signing Certificates below the signing trust store. Provide a property file containing the property idp.saml.metadata.xml.base64, where the new signing certificate(s) are part of the metadata. Note that the entity ID of the IdP in the metadata to import must match the SAML Session Provider configuration.
    2. After providing a property file, the metadata is parsed and the signing certificates are presented. To import the certificates, click Import. Note that several signing certificates may be imported, and that the existing signing trust store will be replaced with the new certificates.
  5. To import new HTTPS certificates for IFS:
    1. Click the link Import New IFS Attribute Service HTTPS Certificates below the HTTPS trust store. Provide a property file containing the property ifs.attributeservice.service.certificate.chain.base64.
    2. After providing a property file, the certificate chain is presented. To import the new certificate chain, click Import. Note that the existing HTTPS trust store will be replaced with the new certificate chain.
    3. After importing the certificates, the SAML Session provider nodes will restart automatically. Click Return home or back in the browser.