Today we got notification that IDP cert change season is upon us so it was the first time I had the chance to perform a cert swap to test feature 4975. The following was what was done and the result
- Upgrade the target gateway to 8.1.18
- Login to the gateway using SAML SSO >> Success
- Using the existing SAML IDP connection, perform a test login >> Success
- On the IDP side, swap to the new cert which expires in 2023
- Perform another test login >> Fail
- Update the following settings on the IDP connection:
- Performed another test login >> Success
- Logged out of and then back into the gateway >> success
So at least on the initial test that I have done at one site, as long as the Ignition version is correct and the proper settings are made in the gateway IDP connection (shown in the above photo) when swapping the cert on the IDP provider side, the gateway will automatically recognize and download the new metadata without having to import it manually.
We will have a good deal of work to do this year in order to get everything in place, but from next year we will see real benefits in terms of how much effort is required to make the yearly IDP provider side cert swap.