Splunk Enterprise

Splunk SSO: server side certificate rotation process

jpillai
Path Finder

Hi all,

 

I'm trying to understand how rotation of certificates used for SSO works in a search head cluster. We have a search head cluster where we have SSO working already. As for initial setup, I understand we can download the SPmetadata.xml file from the Splunk SAML settings page. However, during rotation, how do we create this, as we are using a cert that's already existing and we want to rotate the server side certificate?

If we just download SPmetadata.xml for creating the request for the IDP, this will have the same cert as we are using. If we rotate the cert first at our side so we can download SPmetadata.xml to create the request for the IDP, then this will end up in an error, as the IDP won't detect the server side certificate during this, obviously.

 

0 Karma

PaulPanther
Motivator

Hi @jpillai 

You only have the option to switch the certificate at the same time on both ends (Splunk & IDP provider).

Just for a certificate replacement you don't need the SPmetadata.xml if the other parameters won't be changed.

Create the certificate, hand over the certificate chain to the IDP colleagues, agree a time window for the renewal and then do it.

0 Karma
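
A fingerprint check both teams can run around the agreed window, as an added example that is not part of the posts above or Splunk's own tooling: it compares the certificate embedded in an exported SPmetadata.xml with the leaf of the new chain file. It assumes the metadata follows the standard SAML 2.0 layout and that the leaf certificate comes first in the PEM chain; all function names are hypothetical and the sample data is constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Element that carries a certificate in standard SAML 2.0 metadata (XML-DSig namespace).
DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def leaf_der_from_pem(pem: str) -> bytes:
    """DER bytes of the first certificate in a PEM file (assumed: leaf comes first)."""
    body = pem.split("-----BEGIN CERTIFICATE-----", 1)[1]
    body = body.split("-----END CERTIFICATE-----", 1)[0]
    return base64.b64decode("".join(body.split()))

def metadata_fingerprints(metadata_xml: str) -> set:
    """Fingerprints of every certificate embedded in the metadata document."""
    root = ET.fromstring(metadata_xml)
    return {fingerprint(base64.b64decode("".join((el.text or "").split())))
            for el in root.iter(DS_CERT)}

def rotation_state(metadata_xml: str, new_chain_pem: str) -> str:
    """Tell whether the exported metadata already carries the new certificate."""
    published = metadata_fingerprints(metadata_xml)
    if not published:
        return "no-cert-in-metadata"
    new_fp = fingerprint(leaf_der_from_pem(new_chain_pem))
    return "new-cert-published" if new_fp in published else "old-cert-still-published"

# --- Constructed sample data: placeholder bytes, not real certificates ---
OLD_DER, NEW_DER = b"constructed-old-cert", b"constructed-new-cert"

def sample_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def sample_metadata(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="splunk-sh-cluster">'
            '<md:SPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor>'
            '</md:EntityDescriptor>')

if __name__ == "__main__":
    print("fingerprint to read out to the IdP team:", fingerprint(NEW_DER))
    print("before the window:", rotation_state(sample_metadata(OLD_DER), sample_pem(NEW_DER)))
    print("after the window: ", rotation_state(sample_metadata(NEW_DER), sample_pem(NEW_DER)))
```
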