Updating SAML authentication settings after Unified Manager security certificate change

Any change to the HTTPS security certificate installed on the Unified Manager server requires that you update the SAML authentication configuration settings. The certificate is updated if you rename the host system, assign a new IP address for the host system, or manually change the security certificate for the system.

About this task

After the security certificate is changed and the Unified Manager server is restarted, SAML authentication will not function and users will not be able to access the Unified Manager graphical interface. You must update the SAML authentication settings on both the IdP server and on the Unified Manager server to re-enable access to the user interface.

Steps

  1. Log into the maintenance console.
  2. In the Main Menu, enter the number for the Disable SAML authentication option.
    A message displays to confirm that you want to disable SAML authentication and restart Unified Manager.
  3. Launch the Unified Manager user interface using the updated FQDN or IP address, accept the updated server certificate into your browser, and log in using the maintenance user credentials.
  4. In the Setup/Authentication page, select the SAML Authentication tab and configure the IdP connection.
  5. Copy the Unified Manager host metadata URI, or save the host metadata to an XML text file.
  6. Click Save.
    A message box displays to confirm that you want to complete the configuration and restart Unified Manager.
  7. Click Confirm and Logout and Unified Manager is restarted.
  8. Access your IdP server and enter the Unified Manager server URI and metadata to complete the configuration.
    Identity provider Configuration steps
    ADFS
    1. Delete the existing relying party trust entry in the ADFS management GUI.
    2. Add a new relying party trust entry using the saml_sp_metadata.xml from the updated Unified Manager server.
    3. Define the three claim rules that are required for Unified Manager to parse ADFS SAML responses for this relying party trust entry.
    4. Restart the ADFS Windows service.
    Shibboleth
    1. Update the new FQDN of Unified Manager server into the attribute-filter.xml and relying-party.xml files.
    2. Restart the Apache Tomcat web server and wait for port 8005 to come online.
  9. Log in to Unified Manager and verify that SAML authentication works as expected through your IdP.