07/10 – Shibboleth/SAML Single Sign-On (SSO) 10-year signing certificate is expiring and logins may fail starting July 10

The Shibboleth/SAML Single Sign-On (SSO) 10-year signing certificate is expiring on July 15, 2021 but logins to applications may fail starting July 10.

What is happening

The current Shibboleth/SAML SSO 10-year signing certificate is expiring on July 15, 2021. Technology Solutions will be proactively installing a new private key on the Shibboleth Identity Provider (IDP) server on July 10, 2021 at 11:00 AM CT. This private key change may impact SSO configurations to your application, and logins may fail starting July 10.

On June 19, Technology Solutions uploaded the new public certificate to our IDP metadata and https://shibboleth.uic.edu. Our metadata will then contain two public certificates: the expiring one, and the new one.

If your application is not automatically downloading and consuming our IDP metadata, then logins to your application will fail starting July 10 unless you take action.

How to update the certificate

For more information on the private key change, where to find metadata, and instructions on updating metadata, visit How do I update the Shibboleth/SAML SSO Signing Certificate that is expiring?

Support

Many applications will likely be impacted by this private key change. Technology Solutions may not be able to provide related support in a timely manner after July 10. Technical contacts are strongly encouraged to review configurations and be prepared to update application(s) appropriately on or after July 10.

If you have any questions, please ask us at the UIC Help Center.