Updating an expired Service Provider certificate in a SAML Authentication Service


If you are using a SAML Authentication service and your Service Provider certificate has expired, you need to create a new keystore, select that keystore under Service Provider details, and re-export the Service Provider metadata to the Identity Provider.

To do this, complete the following 3 tasks in this order:

  1. Create a keystore with a valid expiration.
  2. Configure the keystore.
  3. Re-export the service provider metadata into the Identity Provider metadata.

Create a keystore with a valid expiration

A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. A valid expiration is any expiration date that is in the future.

  1. Follow the steps in Creating a keystore for application data encryption.

Configure the keystore

There are several ways to configure a keystore in Pega Platform. This example uploads a keystore file. If you are using an alternative method for creating a keystore, see Keystores.

Now that you have created a keystore, you need to configure it.

Open the keystore that you just created and upload the keystore file:

  1. In the navigation panel of Dev Studio, click Records > Security > Keystore and select a keystore from the instance list.
  2. Click Upload file.
  3. Click Choose File, browse to the keystore file, and select it.
  4. Click Upload file.
  5. In the Keystore type field, enter the keystore file type: JKS, JWK, PKCS12, KEYTAB, or KEY.
  6. In the Keystore password field, enter the password to the keystore file.
  7. Click Save.

Re-export the Service Provider metadata into the Identity Provider metadata

The Service Provider (SP) and the Identity Provider need to communicate with one another. To finalize the process, export the updated SP metadata, and then add it to the Identity Provider.

  1. In the side panel of Dev Studio, click Records > SysAdmin > Authentication service.
  2. Select the SAML authentication service that you need to update.
  3. In the Service Provider (SP) settings section of the SAML 2.0 tab, click the Download SP metadata text.
    This will open a new tab with the system's metadata in XML.
  4. Import the SP metadata into your Identity Provider.
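
A check you can run on the downloaded SP metadata before importing it in step 4, added here as an example and not Pega's own code: it reads every X509Certificate in the metadata XML and reports any that expires within `min_days`, which catches a service that still points at the old keystore. The function names, the script name, and the 30-day threshold are assumptions; the DER walk reads only as far as the validity field and verifies no signatures.

```python
import base64, sys
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"   # SAML 2.0 metadata namespace
DS = "{http://www.w3.org/2000/09/xmldsig#}"     # XML Signature namespace

def _tlv(buf, pos):
    """Read one DER element at pos and return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Return notAfter (UTC) from a DER X.509 certificate; no signature checks."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # tbsCertificate SEQUENCE
    tag, start, end = _tlv(der, pos)        # [0] version, or serialNumber if absent
    if tag == 0xA0:
        _, start, end = _tlv(der, end)      # serialNumber
    for _ in range(3):                      # signature, issuer, validity
        _, start, end = _tlv(der, end)
    _, _, nb_end = _tlv(der, start)         # notBefore
    tag, s, e = _tlv(der, nb_end)           # notAfter: UTCTime (0x17) or GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    when = datetime.strptime(der[s:e].decode("ascii"), fmt)
    if tag == 0x17 and when.year >= 2050:   # RFC 5280: two-digit YY >= 50 means 19YY
        when = when.replace(year=when.year - 100)
    return when.replace(tzinfo=timezone.utc)

def expiring_sp_certs(metadata_xml, min_days=30, now=None):
    """Return (use, notAfter) per certificate with < min_days left; no 'use' means both."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        for node in kd.iter(DS + "X509Certificate"):
            expires = not_after(base64.b64decode("".join((node.text or "").split())))
            if expires - now < timedelta(days=min_days):
                findings.append((kd.get("use", "signing+encryption"), expires))
    return findings

if __name__ == "__main__":                  # usage: python check_sp_metadata.py sp-metadata.xml
    with open(sys.argv[1], "rb") as fh:
        stale = expiring_sp_certs(fh.read())
    for use, expires in stale:
        print(f"{use} certificate expires {expires:%Y-%m-%d}")
    sys.exit(1 if stale else 0)
```

A non-zero exit status means at least one certificate in the metadata is expired or close to expiry, so the Identity Provider would receive a certificate that needs replacing again soon.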