For each federated application or authenticator on your system:
- Go to the Federation\Trust Settings page in the configuration wizard and select the ‘Edit’ option above the certificate.
- In the dialog that appears select “Generate New Certificate”, save the application or authenticator.
- Return to the Federation\Trust Settings page in the configuration wizard and download the certificate
- Go to the Token Settings page and change the Signature Algorithm or samltoken.signature_algorithm value to ‘SHA256’ and save the application or authenticator. Note that this value will be disabled until a valid certificate has been generated.
- Manually upload the new certificate to your provider’s configuration
- Or if supported by your provider, refresh the configuration using the Cloud Access Manager federation metadata URL for the application or authenticator.
NOTE: Between generating the new certificate and uploading it to the service provider any requests sent to the service provider will fail. Therefore, we recommend that you complete this task in a maintenance window for each affected application.