PeopleFluent Notification - SSO SAML Certificate Expiration - 2023
Applicable Product:
- ALL
Summary:
Dear PeopleFluent Customers and Partners,
PeopleFluent’s Single Sign On security makes use of a single digital certificate for both encryption and digital signatures for SAML assertions. This certificate is set to expire on November 01, 2023.
To prevent disruption in the use of PeopleFluent products after the certificate expires, PeopleFluent is requesting customers to make necessary configuration changes at the earliest possible time between October 10, 2023 and October 31, 2023. NOTE: Both the TEST/UAT/V1 and PRODUCTION Certificate will be available on October 10, 2023. Please perform the below mentioned steps in the service that defines PeopleFluent as a Relying Party. This could mean ADFS, Okta or other providers.
- Download the new certificate from - https://www.peoplefluent.net/saml.peoplefluent.com_exp2024-09.crt. The new certificate is valid until September 12, 2024
- Replace the previous certificate with the new certificate in the Encryption configuration area.
- If you perform signature verification of our iPaaS SSO AuthN requests, add the new certificate to the Signature Verification configuration area which means you will have both the old and the new certificate in this area until the old certificate expires.
- If your PeopleFluent Relying Party is already configured to update automatically based on the PeopleFluent metadata, then after October 10, 2023, please verify that the new certificate was updated in the Relying Party configuration. If you do not know how to access PeopleFluent metadata, please contact our Support Team.
Between October 10, 2023 and October 31, 2023, both the old AND new certificates will work and there will be no disruption of service.
However, after October 31, 2023, only the new certificate will work. Once you have completed the steps above, no further action will be needed on your part. You may choose to remove the old signing certificate after November 1, 2023. We hope that this advance notice will help with the scheduling of these configuration changes.
PeopleFluent requests customers coordinate with their internal technical staff and take preemptive measures to ensure there is no disruption in accessing PeopleFluent products after October 31, 2023. We also request you test and make the changes first in the V1/UAT/TEST environment before making the changes in production. If you need assistance in testing or verification of the correct certificate is in use, please contact our Support Team.
In addition, for customers who use Gateway SSO, we have updated our EntityID values and will be retiring support for the legacy versions of our SAML EntityID values when the old certificate is retired on November 1, 2023. Keycloak SSO customers are not impacted by this change.
How do you know if you are using Gateway SSO? You would be connecting to one of the Gateway SSO metadata endpoints below:
Test/UAT: https://gateway-v1.peoplefluent.com/saml2
Production US: https://gateway.peoplefluent.com/saml2
Production EU: https://gateway.peoplefluent.eu.com/saml2
The value being retired is in a format similar to CN=gateway.pf-labs.net. If you have only one EntityID value set up in your PeopleFluent Identity Provider, and it begins with CN=, you will need to be sure to replace it with (or add a secondary entry for) the correct EntityID value from our Gateway Metadata endpoint in the relevant environment.
Please share this information with other system users as needed. If you have any questions or concerns regarding this matter, please contact our Support Team.
Keywords: SAML SAML 2023 November 1st 11/1/2023
Created : Erik Zilli
Reviewed: