Updating the Certificate
Perform this setting when the expiration date of the certificate approaches. You do not have to perform this setting when you use SAML coordination for the first time.
If the certificate expires, you will not be able to use SAML-based single sign-on. Be sure to update the certificate by the expiration date.
If an incorrect certificate is registered, you will not be able to perform step 5 onwards because an error occurs in single sign-on. Perform the following steps outside the system usage hours in advance.
Download the old certificate from your ID provider in advance. If there is a problem with the new certificate, an error will occur in step 5 of the following operations and you will not be able to use single sign-on. You will need the old certificate for recovery.
The following is the format of the certificate required for SAML coordination:
File format: X.509 certificate in the PEM format
Public key encryption format: RSA (key length of 2048 bits or higher)
Signature hash algorithm: SHA-256 *1
Maximum file size: 1 MB
*1 You can register a certificate with a different hash algorithm, but you cannot use it for SAML-based login.
Create a certificate in your ID provider site, and then download and save it to any location.
Open the "SAML Coordination Settings" screen from "Tenant Info" of this site, and then click [Manual Setting] in "2. Set the ID provider information.".
Click [Select File] in "Certificates", and then select the certificate file that you obtained on step 1.
Click [OK].
Click the deletion icon for the old certificate to delete the old certificate.
Open your ID provider screen, and then activate the certificate you created.
Click [Execute Test] for "5. Perform the login test." to perform a login test.
When the login ends successfully, a message appears.