Certificate-related errors during SAML authentication may indicate that the SAML certificate's expiration date has passed. The SAML certificate needs to be updated periodically. You may see an error, as shown in the image below, that states "Error: malformed_certificate. Error while signing data with certificate" or "Message": "The SAML response signature failed to verify."
Confirm Expiration Date
From the Cloud Streaming interface, the SAML certificate expiration date can be confirmed under Authentication > SAML Settings > Advanced > Certificates.
Export New Metadata From Your Identity Provider
Each identity provider has its own process for exporting SAML metadata.
Google
- Log into https://admin.google.com/
- Navigate to Apps > Web and mobile apps
- Select the previously established SAML app for your Swank Streaming portal.
- Click Download Metadata
ClassLink
- Navigate to ClassLink Management Console -> Single Sign-On
- Copy the IDP Metadata URL from ClassLink and paste it in a browser (Chrome preferably)
- Right click on the resulting page and select Save As.
- Change the Save as type to All Files (*.*) and save the document as an .xml file on your desktop or other easily accessible location. This will be used to import into the streaming portal later.
Azure
- If you are unfamiliar with how to create a new certificate in Azure you can refer to Microsoft's documentation here:
- Once you have generated a new certificate, navigate to Azure Active Directory / Enterprise Applications
- Select the Swank App
- Under Properties select Single sign-on
- Download Federation Metadata XML File
If you are unfamiliar with how to export a new metadata file from your identity provider's interface, we advise consulting their documentation, or you can review the initial setup guides at the link below. Note that you do not need to repeat the entire setup process, but the guides should give you an idea of where to export new metadata.
SSO / SAML Setup Guides (Cloud streaming only)
Import New Metadata
You can import metadata from your identity provider (which will include a new certificate) into the Swank streaming portal. This is used to verify the identity provider during the SAML login process.
- Log into your Digital Campus portal and select the Admin section (e.g.: https://digitalcampus.swankmp.net/[your site ID]/admin )
- Select Authentication/SAML Settings in the left menu
- Ensure you are in the basic view by toggling the switch in the upper left to the off position
- Locate the IdP Metadata XML file from your IDP
- Click Import Identity Provider Settings
- In the Load External Identity Provider Settings pop up window, click Select and navigate to the IdP Metadata XML file.
- Note: The EntityID (optional) field is only needed if the IdP XML contains multiple EntityIDs. This is not common.
- Click Save
- Once you have imported the new metadata file, you can refresh the page and perform a Test SAML Login (Step 5).
- Note, you may need to clear your recent browsing history (24hrs) if you have recently logged into this machine.
- Once you have confirmed the new certificate is in place and working correctly, the old certificate can be removed under Authentication > SAML Settings > Advanced > Certificates. Please be aware it may take up to 24 hours for the new certificate to be available for use by your SAML applications.