How to update an expiring Identity Provider Certificate in SAML Settings?

This document contains detailed requirements for updating the SAML 2.0 identity provider signing certificate.

If the certificate is going to expire soon or has already expired. The Identity Provider admin (third party) would get a new certificate issued and would share the same with the Kaltura Mediaspace admin of your company. The Mediaspace admin would need to make the changes as suggested below once they receive a new cert from the IDP admin. The new certificate should be updated both on the Identity Provider end and Mediaspace SAML module Settings simultaneously to avoid service disruptions. For additional information, please refer to Kaltura MediaSpace™ SAML Integration Guide .

The following video demonstrates how to update the IDP settings

To update the IDP settings in Kaltura Mediaspace 

  1. Log into your KMS admin page.
  2. Navigate to the SAML module.
  3. Locate the idpMetadata section
    3.1. Recommended: Backup the old certificate from the certFileContent field.
    3.2. Paste the new certificate under the certFileContent fieldRemove any new line characters or comment lines from the content string, it should be a single line with no spaces, headers, or footers. See Generating a Certificate Workflow.
  4. Save.

The Kaltura Medispace certificate must match the one that is configured on the Identity Provider (IdP) side. Otherwise, the authentication will fail even if the certificates are valid and up to date.

To avoid service disruption, it is recommended to carry out the update at a maintenance window and/or on a KMS staging instance first. 

If you require help in updating the SAML SSO settings or in configuring an additional KMS staging instance to practice with SAML SSO, you may request Professional Services assistance and get a dedicated PS engineer to work with you. If needed, please contact your Kaltura representative to explore this option with you.

In This Article
Was this article helpful?
Thank you for your feedback!