Version: 2.2.1

Reconfiguring authentication in AD FS with SAML 2.0

In some situations, single sign-on via SAML 2.0 must be reconfigured: when AD FS or SoftExpert Suite certificates expire or are renewed, when the AD FS server is migrated, or when domain names change. If the certificate generated in SoftExpert Suite for AD FS authentication has expired, follow these steps:

  1. Access the Configuration component > Configuration > Authentication (CM008) > Authentication services > SAML 2.0. Select the certificate you want to renew and click on the "Renew certificate" button. Then, download the Service Provider settings to get the SESUITE_metadata.xml file. Next, click on the "Apply" button to save the changes.
⚠️ Attention:

  • Uploading the identity provider settings (FederationMetadata.xml file downloaded from AD FS) is only required if there are any changes to the service, such as a change of address or renewal of the certificate in the identity service.
  2. Remove the outdated configuration in AD FS. This step may vary depending on the AD FS version being used.

  3. Then, recreate the configuration in AD FS by importing the SESUITE_metadata.xml file generated after certificate renewal (step 1). Follow the steps, starting from step 4 of the Configuring authentication in AD FS with SAML 2.0 section.
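
Steps 2 and 3 can also be carried out from an elevated PowerShell session on the AD FS server. The script below is an added example, not part of the SoftExpert documentation: it checks that the renewed SESUITE_metadata.xml carries a currently valid certificate, backs up and removes the outdated trust, re-imports the metadata and confirms the new certificate reached AD FS. The trust display name and the file paths are assumptions.

```powershell
# Added example; $TrustName and the file paths are assumptions, adjust to your environment.
$TrustName    = 'SoftExpert Suite'               # assumed display name of the relying party trust
$MetadataFile = 'C:\Temp\SESUITE_metadata.xml'   # file downloaded in step 1 (assumed location)
$BackupFile   = 'C:\Temp\SESUITE_trust_backup.xml'

# Read every certificate published in the renewed Service Provider metadata.
$ns = @{ md = 'urn:oasis:names:tc:SAML:2.0:metadata'; ds = 'http://www.w3.org/2000/09/xmldsig#' }
$nodes = Select-Xml -Path $MetadataFile -Namespace $ns -XPath '//md:KeyDescriptor//ds:X509Certificate'
if (-not $nodes) { throw "No X509Certificate element found in $MetadataFile" }

$now = Get-Date
$newThumbprints = foreach ($n in $nodes) {
    $raw  = [Convert]::FromBase64String($n.Node.InnerText)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$raw)
    # Stop before touching AD FS if the file still carries an expired certificate.
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $($cert.Thumbprint) is not valid today (expires $($cert.NotAfter))."
    }
    $cert.Thumbprint
}

# Step 2: keep a copy of the outdated trust (claim rules included), then remove it.
$old = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $old) { throw "Relying party trust '$TrustName' not found." }
$old | Export-Clixml -Path $BackupFile
Remove-AdfsRelyingPartyTrust -TargetName $TrustName

# Step 3: recreate the trust from the renewed metadata file.
Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataFile $MetadataFile

# Confirm AD FS now holds the renewed certificate(s) rather than the old ones.
$new = Get-AdfsRelyingPartyTrust -Name $TrustName
$inAdfs = @($new.RequestSigningCertificate) + @($new.EncryptionCertificate) |
    Where-Object { $_ } | ForEach-Object { $_.Thumbprint }
$missing = $newThumbprints | Where-Object { $inAdfs -notcontains $_ }
if ($missing) { Write-Warning "Not imported into AD FS: $($missing -join ', ')" }
$new | Select-Object Name, Identifier, Enabled
```

The script does not recreate claim rules or access control settings; configure them by following the Configuring authentication in AD FS with SAML 2.0 section, using the backup file as a reference for the previous values.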

These steps are specific to reconfiguring authentication in AD FS with SAML 2.0 in situations such as expired or renewed certificates, AD FS server migration, or domain name changes. Make sure you follow the steps correctly and check for other specific requirements related to your environment before making changes.