Updating a PingOne for Enterprise verification certificate on an unmanaged PingFederate identity bridge
If you use an unmanaged manual PingFederate connection as the identity provider (IdP) for PingOne for Enterprise, and your certificate is about to expire, you must update your signing certificate in PingFederate and your verification certificate in PingOne for Enterprise.
Before you begin
The instructions in this guide are deprecated. For existing unmanaged PingFederate connections to PingOne for Enterprise, you can update the verification certificate as an IdP certificate. Learn more in Updating a verification certificate in the PingOne for Enterprise documentation. Unmanaged PingFederate connections are a legacy function. You can no longer create an unmanaged manual connection to PingFederate.
Components
- PingOne for Enterprise
- PingFederate 10.2
In PingFederate, go to Applications > SP Connections and check whether your PingFederate connection is unmanaged. If your connection to PingOne for Enterprise is unmanaged, it’s labeled SAML 2.0.
About this task
If you try to update an identity repository verification certificate for an unmanaged connection, PingOne for Enterprise generates a new activation key for use in creating a new managed connection to PingFederate. Because your user data and PingOne for Enterprise functionality depend on the settings in the existing connection, avoid creating a new connection.
Steps
- In PingFederate, go to Security > Signing & Decryption Keys & Certificates.
- Click Create New.
- Enter values for the following required fields:
  - In the Common Name field, enter a name for the certificate.
  - In the Organization field, enter the name of your organization.
  - In the Country field, enter the country.
  Learn more about the certificate creation form in Creating new certificates in the PingFederate documentation.
- Click Next.
- Review the certificate values. Click Save.
- In the row for the certificate that you created, in the Select Action list, click Export.
- Click Certificate Only and click Next.
- Click Export and save the certificate.
- In PingOne for Enterprise, go to Setup > Certificates.
- Expand the certificate currently being used for the PingFederate connection.
  To show just the verification certificates, select Verification Certificates in the filter list at the top of the page.
- On the Usage tab, click PingFederate and upload the new certificate.
- In PingFederate, go to Applications > SP Connections.
- Click the PingOne connection.
- Go to Credentials > Configure Credentials > Digital Signature Settings, and in the Signing Certificate list, select the certificate that you created.
- Click Save.
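A check you can run on the file saved in the Export step before you upload it to PingOne for Enterprise. This is an added example, not part of the Ping Identity documentation. It assumes OpenSSL is installed on your workstation; the function names, the sample subject, and the 30-day threshold are hypothetical choices.

```shell
#!/usr/bin/env bash
# Pre-upload check for a "Certificate Only" export (added example).
# Returns 0 only if the file parses as an X.509 certificate, carries no
# PEM private key, and has at least MIN_DAYS of validity left.
check_export() {
  local file="$1" min_days="${2:-30}" form=PEM
  [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }

  # A verification certificate must never travel with its private key.
  # (Binary key stores such as PKCS#12 fail the parse step below instead.)
  if grep -aq -e 'PRIVATE KEY-----' "$file"; then
    echo "REJECT: private key material in $file" >&2; return 1
  fi

  # Accept PEM or DER; anything else is not a certificate.
  if ! openssl x509 -in "$file" -inform PEM -noout 2>/dev/null; then
    form=DER
    openssl x509 -in "$file" -inform DER -noout 2>/dev/null ||
      { echo "REJECT: not an X.509 certificate" >&2; return 1; }
  fi

  # -checkend exits non-zero if the cert expires within the given seconds.
  if ! openssl x509 -in "$file" -inform "$form" -noout \
        -checkend $((min_days * 86400)) >/dev/null; then
    echo "REJECT: expires within $min_days days" >&2; return 1
  fi

  # Subject, expiry date and SHA-256 fingerprint for the change record.
  openssl x509 -in "$file" -inform "$form" -noout \
    -subject -enddate -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed certificate and key.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=pf-signing-example/O=Example Org/C=US" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d)
  make_sample "$d" 365
  check_export "$d/cert.pem"
  cat "$d/cert.pem" "$d/key.pem" > "$d/bundle.pem"
  check_export "$d/bundle.pem" || echo "bundle rejected as expected"
  rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument `demo` to see both outcomes on generated sample files, or source it and call `check_export` with the path to your exported certificate.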