Rotate the certificate for SAML Authentication
This document outlines the process to rotate the public key certificate used for SAML authentication. This operation requires Administrator privileges.
You may experience some authentication downtime while DeployGate and your Identity Provider (IdP) complete the certificate rotation. Please consider this downtime when planning your certificate rotation work.
Rotate the public key certificate from the Admin Console
1. Download a new public key certificate (X.509 format) from your IdP
Please download a new public key certificate in the X.509 format. Please contact your IdP service for download instructions or assistance.
2. Update the public key certificate from the Admin Console
Open the Workspace Admin Console and select Authentication from the menu. In the SSO Authentication Restriction Settings section, select Edit configurations/certificate.
In the Public Key Certificate section, click on Choose File to upload the public key certificate (.pem file). After uploading the file, select Change to rotate the certificate.
3. Authenticate
Please check if your account or test accounts can be authenticated through SP-initiated SAML and/or IdP-initiated SAML. DeployGate’s public key certificate rotation process completes if the authentication succeeds without any errors.
Rotate the certificate via the Web API
Please refer to the API Reference - Update the certificate for SAML authentication document for more details.
Preparation: Obtain the API Key
Please refer to the Admin Guide - Using the Workspace API Key document for information on how to obtain the Workspace's API Key. You can also visit the API Reference guide for details about obtaining a Workspace Administrator’s User API Key. We recommend using the Workspace API Key for the smoothest operations and to avoid permission issues.
1. Download a new public key certificate (X.509 format) from your IdP
Please download a new public key certificate in the X.509 format. Please contact your IdP service for download instructions or assistance.
2. Call the Web API via the command line
The following code sample uses “curl” to call the Web API. If you would like to use “wget” or other commands, please ensure that the “idp_cert” field is a file part instead of the certificate’s content.
# Set WORKSPACE_NAME (Workspace Name), API_KEY (API Key) and CERT_PATH (path to the new certificate) first.
curl \
  -X PUT \
  --url "https://deploygate.com/api/enterprises/${WORKSPACE_NAME}/saml_settings/update_certificate" \
  -H "Authorization: Bearer ${API_KEY}" \
  -F "idp_cert=@${CERT_PATH}"
3. Authenticate
Please check if your account or test accounts can be authenticated through SP-initiated SAML and/or IdP-initiated SAML. DeployGate’s public key certificate rotation process completes if the authentication succeeds without any errors.
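Because a wrong or expiring certificate extends the authentication downtime mentioned at the top of this document, it helps to check the downloaded file before step 2 of either procedure. The following is an added example, not DeployGate's code; the function name check_idp_cert and the 30-day default threshold are assumptions, and it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example: pre-flight check for the IdP certificate before upload.
# Usage: check_idp_cert <path-to-pem> [min-days-valid]
check_idp_cert() {
  cert=$1
  min_days=${2:-30}   # assumed threshold; adjust to your rotation policy

  [ -r "$cert" ] || { echo "cannot read: $cert" >&2; return 1; }

  # The upload expects a PEM-encoded X.509 certificate (.pem file).
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
    { echo "not a PEM certificate (DER export or wrong file?)" >&2; return 2; }

  # A public key certificate file must never carry private key material.
  if grep -q -- 'PRIVATE KEY-----' "$cert"; then
    echo "file contains a private key; do not upload it" >&2
    return 3
  fi

  # Confirm openssl can parse the file as X.509.
  openssl x509 -in "$cert" -noout 2>/dev/null ||
    { echo "openssl could not parse the certificate" >&2; return 4; }

  # Reject a certificate that is expired or expires within min_days.
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
    { echo "certificate expires within $min_days days" >&2; return 5; }

  # Print details to compare with what the IdP console shows for the new certificate.
  openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
}
```

Run check_idp_cert on the downloaded file and proceed with the upload or the curl call only if it returns 0 and the printed SHA-256 fingerprint matches the one shown by your IdP.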