Update an expiring Identity Provider certificate in SAML settings

Last Modified on 10/12/2024 10:24 am IDT


About

This guide explains how to update an expiring or expired SAML 2.0 Identity Provider (IdP) certificate in the Kaltura video portal. It is intended for video portal admins who need to update the certificate provided by the Identity Provider to ensure continued service without disruptions.

Key information

When your IdP certificate is about to expire or has already expired, the IdP admin (third party) will issue a new certificate and share it with your video portal admin. This new certificate must be updated in both the Identity Provider system and the video portal SAML module at the same time to avoid service interruptions.

  • Make sure to update the certificate in a maintenance window to avoid disruptions to your service.
  • If possible, practice on a staging instance of your video portal before updating your production system.

For additional information, refer to the Kaltura SAML integration guide.

A video tutorial demonstrating how to update the IdP settings is available below.

How to update the IdP certificate 

Follow these steps to update the certificate in the video portal's SAML module.

  1. Log in to your video portal Configuration Management page.
  2. Navigate to the SAML module.
  3. Go to the SAML settings where the Identity Provider (IdP) configurations are managed.
  4. Locate the idpMetadata section.
  5. Backup the old certificate (optional)

    6. Before making any changes, it’s a good idea to backup the old certificate from the certFileContent field. You can copy and save it in case it’s needed later.

  6. Paste the new certificate:
  • Remove any new line characters and comment lines (such as headers and footers) from the new certificate before pasting it.
  • The certificate should be a single line without spaces or additional formatting.

When pasting the certificate into the certFileContent field, ensure that you remove the following comment lines:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Only paste the content of the certificate in a single line to avoid configuration errors.

For further information, see Generating a certificate workflow.

  • Save your changes.

    • Make sure the certificate updated in the video portal matches the one configured on the Identity Provider side. If they don’t match, authentication will fail, even if the certificates are valid.

    Best practices

    • Perform this update during a maintenance window or on a staging instance to avoid service interruptions.
    • Test the new certificate configuration immediately after making the changes to ensure everything works smoothly.

    Need assistance?

    If you need help updating the SAML SSO settings or setting up a video portal staging instance to practice, you can request Professional Services assistance. Contact your Kaltura representative for more details.

    Was this article helpful?
    Thank you for your feedback!
    In This Article
    Related Articles
    Back to top

    Never miss a thing!

    Subscribe to our customer newsletter and our release notes updates, so you always get the best out of Kaltura.
    Newsletter