Support Bulletin: Hardcoded Single-Sign On Certificate Update

  • Updated

Issued: 25th October 2022

This message is to notify you that the x509 certificate used for signing our Single-Sign On SAML assertions will be expiring on November 19, 2022. This certificate is used for SSO logins to your Contrast SaaS account.

What does this mean to you?

In order to enable a smooth switchover, on October 28th we will be adding the new certificate to our SAML metadata alongside the current certificate. For most customers this certificate update requires no action on your part.

However, customers with idP configurations requiring the x509 be stored locally, will need to update the locally stored certificate. Not doing so will result in failed user logins until the certificate is updated in the idPs configuration. 

This does not affect you if: 

  • You do not utilize SSO for authentication to the Contrast UI.
  • Your idP configuration does not store the x509 locally.

 

Follow Up on: Hardcoded Single-Sign On Certificate Update

Issued: 4th November 2022

This is a follow-up to the Support Bulletin sent on October 25th regarding the certificate used for SSO logins to your Contrast SaaS account.

A small number of customers have experienced difficulties as their idPs have trouble supporting multiple certificates. As such, the decision has been taken to move directly to the new x509 certificate.

 

What does this mean to you?

We will be updating our SAML metadata with the new certificate on Nov 10th 2022 8-10PM EST. For most customers, this certificate update still requires no action on your part.

However, customers with idP configurations requiring the x509 be stored locally will need to update the locally stored certificate. Not doing so will result in failed user logins until the certificate is updated in the idPs configuration.

If you store the certificate locally and successfully updated it following the previous bulletin with no issues, then no further action is required.

This does not affect you if:

  • You do not utilize SSO for authentication to the Contrast UI.
  • Your idP configuration does not store the x509 locally.

 

If you have any additional questions, concerns, or would like to discuss this issue further, please don’t hesitate to reach out to us at support@contrastsecurity.com

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request