Articles in this section

Templafy SAML2 Signing Certificate Change

Updated

About this article

This article focuses on the upcoming Templafy SAML2 certificate change. It delves into the reasons behind the change and highlights its significance for maintaining secure online communications.

 

 
  • The certificate expires on 03-Oct-2024 and will be replaced on 01-Oct-2024 at 7:30 AM CET (we expect the swap to be complete by 8:30 AM CET)
  • The new certificate will be available from 29-Aug-2024
  • Failing to update the certificate will result in your users being unable to log into Templafy

 

Background Information

A SAML2 signing certificate is a digital credential used in online security to verify the authenticity of messages exchanged between Templafy and the Identity Providers of our customers. It ensures that the information sent and received hasn't been tampered with and comes from a trusted source.

Templafy replaces its SAML2 signing certificate for Templafy One once per year due to security concerns and certificate expiration.

Customers must import the new certificate into their Identity Provider to establish a secure connection with the updated certificate on the Templafy side.

Failure to update the certificate will lead to an interruption of the authentication flow, preventing all users from logging into Templafy.

 

Setup guide

We have outlined two options for you to update your Identity Provider (IdP) with the new certificate: 

  1. Automatic Update (Recommended): If your service metadata is automatically fetched from https://app.templafy.com/AuthServices, you're all set! However, we recommend quickly verifying that the metadata (certificate) hasn't been updated manually.

  2. Manual Update: For IdPs not set up for automatic updates, please follow these steps:

 

Automatic Update Guide for Active Directory Federation Services (ADFS)

If you utilize an ADFS as your Identity Provider (IdP), please refer to the following steps for the certificate change and to automatically update the relying party trust:

  1. Log on to the ADFS server.
  2. Access AD FS Management Console (Windows Start menu > All Programs > Administrative Tools > AD FS Management.
  3. In AD FS Management Console, under Trust Relationships, select Relying Party Trusts.
  4. In the list of trusts displayed, find the Templafy
  5. Double click the Templafy relying party trust and check if the setting “Automatically update relying party” is enabled under Monitoring tab:

 

Manual Update Guide for Active Directory Federation Services (ADFS)

If you utilize an ADFS as your Identity Provider (IdP) and want to manually update the certificate, please refer to the following steps:

  1. Navigate to the Templafy relying party trust configuration as described above
  2. Right click the Templafy relying party and select Update from Federation Metadata
  3. Click Update
  4. Once done, kindly check if the new certificate was downloaded- can be seen in the Signature tab of the relying party:

Should you block access to the external network on your ADFS and need to add Templafy Certificate manually to the certificate store, please let us know and we will provide the certificate in the relevant format.

 

 
  • The upcoming certificate will expire on 01-Oct-2025, if you are using the manual update please put a reminder ideally early September 2025 to revisit this article and renew the certificate accordingly.

 

Related articles

 

Related to

SAML2 Certificate SSO Change of certificate
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.