Jersey Datacentre and Cloud Services Knowledgebase (previously provided by Foreshore)


VMware vCloud Director v5.1 – Federation Certificate expiration



The federation certificate is part of the SAML Identity Provider process, which can be enabled in vCloud environments to authenticate users and groups. Most deployments in our cloud are not SAML-enabled, but this certificate expiration warning is sent automatically by email regardless.

The federation certificate expiration is [DATE] [TIME]. An expired certificate may disable federation with the identity provider setup with your organization. The certificate can be regenerated from the Federation Settings page.

Federation certificates are set to expire after one year (this is set by VMware), and warning e-mails go out before they do. At the end of this one-year cycle each certificate must be regenerated. Follow these steps to regenerate a federation certificate:

1. Log into your vCloud environment and navigate to the Administration tab.

2. On the left-hand side of this menu, choose the Federation link under the Settings menu.

3. Check whether the “Use SAML Identity Provider” option is selected. If it is configured, please STOP and contact support@foreshore.net, referencing this KB article and stating that you are using SAML, so we can advise further.

4. Scroll to the bottom of the screen and you will see the Certificate heading, with the expiration details underneath. Click the Regenerate button to create a new certificate.

5. The system will prompt you with the following message:

“Performing this action may disable federation with the identity provider setup for this organization. Users from the identity provider may not be able to login until federation is reconfigured on the identity provider. Do you want to regenerate the certificate?”

Note that as long as you are not using SAML (federation identity provider), it is safe to proceed at this point. Using the federation identity provider is not common, and it will be listed on the same page if it is used. If it is, please STOP and contact support@foreshore.net, referencing this KB article and stating that you are using SAML, so we can advise further.


6. At this point the system will regenerate the federation certificate. The expiration date will be updated, and it will be valid for one year.

 09 July 2014 09:06:13



Details
Last Modified: 09/07/2014 09:28:46

Last Modified By: markj

Type: HOWTO
