Tuesday, February 05, 2013

ADFS : New RP / SP metadata for expired certificate

 

Common pattern – you set up a link with a WS-Fed RP or a SAML SP and for whatever reason they use a certificate and it’s expired.

That site has a load of claims rules and it’s a real pain to delete the site, re-import the metadata, type in all the claims rules again etc.

But wait – help is at hand.

Instead of having them send you the whole metadata file again, just ask them to send you the new certificate as a .cer text file. That's the base64 (PEM) format, which looks like:

-----BEGIN CERTIFICATE-----

<snip>

-----END CERTIFICATE-----

In ADFS, double-click on the RP in the “Relying Party Trust”.

Then click on the Signature tab.

Then click on the “Add” button, browse to the .cer file, select it etc. and voilà – you have updated the certificate without having to do the whole nine yards.
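The same swap can be scripted with the ADFS cmdlets, which is handy when you have more than one RP to fix or want a check that the replacement is actually valid before you add it. This is an added example, not code from the original post: it assumes it runs on the ADFS server with the ADFS PowerShell module loaded, and the RP display name “Contoso SP” and the path C:\certs\contoso-sp.cer are placeholders.

```powershell
# Added example (not from the original post): replace an RP's expired request-signing
# certificate from a PEM .cer file with the ADFS cmdlets instead of the MMC snap-in.
# Assumptions: run on the ADFS server with the ADFS module loaded; the RP display name
# "Contoso SP" and the path C:\certs\contoso-sp.cer are placeholders.

$rpName  = "Contoso SP"
$cerPath = "C:\certs\contoso-sp.cer"

# X509Certificate2 reads the base64 "-----BEGIN CERTIFICATE-----" form directly.
$newCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath

# Sanity check before touching the trust: the replacement must itself be inside its validity window,
# otherwise you have just swapped one expired certificate for another.
$now = Get-Date
if ($now -lt $newCert.NotBefore -or $now -gt $newCert.NotAfter) {
    throw "Certificate $($newCert.Thumbprint) is not currently valid ($($newCert.NotBefore) to $($newCert.NotAfter))"
}

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "No relying party trust named '$rpName'" }

# Show what is being replaced; the old certificate's NotAfter should be in the past.
foreach ($old in $rp.RequestSigningCertificate) {
    "Current signing cert: {0} (subject {1}, expires {2})" -f $old.Thumbprint, $old.Subject, $old.NotAfter
}

# Do nothing if the partner sent the certificate that is already configured.
if ($rp.RequestSigningCertificate | Where-Object { $_.Thumbprint -eq $newCert.Thumbprint }) {
    Write-Warning "Certificate $($newCert.Thumbprint) is already configured on '$rpName'; nothing to do."
    return
}

# Equivalent of the Add button on the "Signature" tab. Passing only the new certificate replaces
# the list; to keep the old one as well during a rollover, pass both:
#   -RequestSigningCertificate @($rp.RequestSigningCertificate + $newCert)
Set-AdfsRelyingPartyTrust -TargetName $rpName -RequestSigningCertificate $newCert

# Confirm the change and keep the thumbprint for the change record.
(Get-AdfsRelyingPartyTrust -Name $rpName).RequestSigningCertificate |
    Select-Object Subject, Thumbprint, NotBefore, NotAfter
```

The “Signature” tab in the MMC maps to the RP's request-signing certificates, which is what `-RequestSigningCertificate` sets; if the expired certificate was the one ADFS encrypts tokens with, the analogous parameter on `Set-AdfsRelyingPartyTrust` is `-EncryptionCertificate`.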

Enjoy!
