March 1, 2023
We upgraded to vCloud Director v5.1 fairly recently and started receiving user tickets regarding a new issue with federation certificates. Users were sent automated e-mails reading as follows:
The federation certificate expiration is [DATE] [TIME]. An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the Federation Settings page.
The federation certificate is a part of the SAML Identity Provider process, which can be enabled in vCloud environments in order to authenticate users and groups. Most deployments in our cloud are not SAML enabled, but the certificate expiration warning is sent regardless.
Federation certificates are set to expire after one year, and warning e-mails go out a few weeks before they do. At the end of this one-year cycle each certificate must be regenerated. Follow these steps to regenerate a federation certificate:
1. Log into your vCloud environment and navigate to the Administration tab.
2. On the left-hand side of this menu, choose the Federation link under the Settings menu.
3. Scroll to the bottom of the screen and you will see the Certificate heading, with the expiration details underneath. Click the Regenerate button to create a new certificate.
4. The system will prompt you with the following message: “Performing this action may disable federation with the identity provider setup for this organization. Users from the identity provider may not be able to login until federation is reconfigured on the identity provider. Do you want to regenerate the certificate?” Note that it is safe to proceed at this point, as using the federation identity provider is not common, and it will be listed on the same page if it is used. In the case that it is, please defer to us and we will take additional steps to correct the issue.
5. At this point the system will regenerate the federation certificate. The expiration date will be updated, and it will be valid for one year.
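As an added illustration (not part of the original post, and not vCloud Director code), the Go program below reads the signing certificate out of SAML 2.0 SP metadata and reports how many days remain before its one-year expiry, flagging anything inside a warning window so the check does not depend on the e-mail arriving. It assumes the standard SAML metadata element path (SPSSODescriptor/KeyDescriptor/KeyInfo/X509Data/X509Certificate); the self-signed sample certificate and the 21-day window are constructed values, not taken from vCloud.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// spMetadata: path in SAML 2.0 SP metadata to the signing certificate (namespaces ignored).
type spMetadata struct {
	Certs []string `xml:"SPSSODescriptor>KeyDescriptor>KeyInfo>X509Data>X509Certificate"`
}

// daysUntilExpiry reads the first signing certificate out of SAML metadata and
// returns whole days until NotAfter plus whether that is inside the warning window.
func daysUntilExpiry(metadata []byte, now time.Time, warnDays int) (int, bool, error) {
	var md spMetadata
	if err := xml.Unmarshal(metadata, &md); err != nil || len(md.Certs) == 0 {
		return 0, false, fmt.Errorf("no usable X509Certificate in metadata (%v)", err)
	}
	// Real metadata wraps the base64 across lines, so strip all whitespace first.
	der, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(md.Certs[0]), ""))
	if err != nil {
		return 0, false, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return 0, false, err
	}
	days := int(cert.NotAfter.Sub(now).Hours() / 24)
	return days, days <= warnDays, nil
}

// sampleMetadata builds constructed SP metadata around a self-signed certificate
// valid for exactly one year from issued, mirroring the federation certificate lifetime.
func sampleMetadata(issued time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: issued, NotAfter: issued.AddDate(1, 0, 0)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv) // constructed test data
	return []byte(`<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"><SPSSODescriptor>` +
		`<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>` +
		`<X509Certificate>` + base64.StdEncoding.EncodeToString(der) + `</X509Certificate>` +
		`</X509Data></KeyInfo></KeyDescriptor></SPSSODescriptor></EntityDescriptor>`)
}
```

Pointing daysUntilExpiry at the metadata you actually export, on a schedule, gives the same early warning as the e-mail without relying on the mailbox it lands in.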
For more gBlock Cloud troubleshooting, visit our Cloud FAQ page.
Posted By: NOC Lead Ron Rittenhouse