Updating federation certificates after upgrading to CAM 8.1.2
SHA-2 signing of SAML requests.
After upgrading to 8.1.2, existing federated applications and authenticators will continue to use SHA-1 for certificate signing until you manually update their certificates.
Updating federation certificates:
To support signing federated requests with the SHA-2 algorithm (see New Feature #467017), it was necessary to update the provider type of the private key in Cloud Access Manager. However, existing certificates generated with the old private key still cannot support the SHA-2 algorithm. This means that after the upgrade you must refresh the federation certificate in any federated Service Providers (applications) or Identity Providers (Front-end Authenticators) that you have configured, in order to upgrade them to the SHA-2 algorithm. We recommend that you do this at your earliest opportunity to improve the security of your system.
For each federated application or authenticator on your system:
Please note that between generating the new certificate and uploading it to the service provider, any requests to the service provider will fail. Therefore, we recommend that you complete this task in a maintenance window for each affected application.
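To confirm that an application or authenticator has moved off SHA-1 after its certificate was refreshed, you can inspect the algorithm identifiers in a signed SAML message captured from your own deployment. The following is an added example, not part of the original article or the product. It assumes the message carries an embedded XML signature; the function names are hypothetical and the sample messages are constructed.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace
# W3C algorithm identifiers grouped by hash family.
SHA1 = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#sha1"}
SHA2 = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
        "http://www.w3.org/2001/04/xmlenc#sha256",
        "http://www.w3.org/2001/04/xmldsig-more#sha384",
        "http://www.w3.org/2001/04/xmlenc#sha512"}

def classify(uri):
    """Map an algorithm URI to its hash family."""
    return "SHA-1" if uri in SHA1 else "SHA-2" if uri in SHA2 else "unknown"

def audit_saml_xml(xml_text):
    """Return (element, uri, family) for each SignatureMethod/DigestMethod."""
    root = ET.fromstring(xml_text)  # only parse messages from your own systems
    return [(tag, el.get("Algorithm", ""), classify(el.get("Algorithm", "")))
            for tag in ("SignatureMethod", "DigestMethod")
            for el in root.iter(DS + tag)]

def verdict(findings):
    """Summarise: any SHA-1 use means the certificate still needs refreshing."""
    if not findings:
        return "unsigned"
    families = {family for _, _, family in findings}
    if "SHA-1" in families:
        return "needs-refresh"
    return "ok" if families == {"SHA-2"} else "review"

def sample(sig_uri, digest_uri):
    """Build a constructed, minimal signed AuthnRequest for demonstration."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed">'
        f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_uri}"/>'
        f'<ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{digest_uri}"/>'
        '</ds:Reference></ds:SignedInfo></ds:Signature></samlp:AuthnRequest>')

if __name__ == "__main__":
    before = sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                    "http://www.w3.org/2000/09/xmldsig#sha1")
    for row in audit_saml_xml(before):
        print(row)
    print(verdict(audit_saml_xml(before)))
```

A message that signs with SHA-256 but still digests with SHA-1 is reported as `needs-refresh`, since both identifiers must be SHA-2.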