Credentials for side_door.do?
‎04-25-2016 09:40 AM
Hi,
I'm a beginner in ADFS, SAML.
I understand that side_door.do is to bypass SSO and get in using external authentication.
What credentials does the admin need to use for username and password to get in?
Normal sign in credentials are not working.

‎04-25-2016 12:31 PM
A recommendation would be to have at least one admin account with a local account set up to manage your installations in case you cannot access your LDAP source. Utilizing a local account will allow access when issues occur, such as with your SSO certificates or potential outages of the LDAP server. Also, a good practice when managing your SAML 2.0 certificates is to plan their expiration date/time for when your admins are available in the office and can make the change. We had certificates expire in the early morning and figured out we could change it.
‎04-25-2016 01:15 PM
Thanks. This is the first time our certificate is expiring since we went live.
We will be getting our SAML 2.0 certificate before the expiry of the existing one. Can we just upload the new one in X.509 certificate before the old one expires, to avoid issues?
When do we need to rename it to SAML2.0 and inactivate the old one?
Could you share some info from your experiences updating them?

‎04-25-2016 01:45 PM
The issue with uploading the new one is the old one is most likely the certificate being used on the ADFS side unless it is the primary configuration.
ADFS will generate a certificate X number of days (I think default is 20) before the actual expiration and store it in a 'secondary' configuration. 5 days after it is generated, it will promote it to the primary configuration, and the primary is moved to the secondary configuration until it expires 15 days later.
The challenge with a number of systems is they look at the primary field only and when this switch happens is when you will lose your access until you update your certificate. We chose not to do the automatic certificate rollover and timed the change with our service groups. Switching them at 3:00am was not fun.
I found a number of links that could be helpful in this endeavor.
Auto Certificate Rollover « Jorge's Quest For Knowledge!
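
The rollover timing described in the reply above, worked through as an added example that is not part of the original thread or any vendor's code. `Get-RolloverTimeline` is a hypothetical helper, the 20-day and 5-day defaults are the figures quoted in the post, and the fallback expiry date is a constructed sample; `Get-AdfsProperties` and `Get-AdfsCertificate` are the AD FS module's own cmdlets and are used only when present.

```powershell
# Added example: hypothetical helper, not from the thread.
function Get-RolloverTimeline {
    param(
        [Parameter(Mandatory)] [datetime] $PrimaryNotAfter,
        [int] $GenerationThresholdDays = 20,  # default quoted in the post
        [int] $PromotionThresholdDays  = 5    # promotion delay quoted in the post
    )
    $generated = $PrimaryNotAfter.AddDays(-$GenerationThresholdDays)
    $promoted  = $generated.AddDays($PromotionThresholdDays)
    [pscustomobject]@{
        SecondaryGenerated     = $generated
        PromotedToPrimary      = $promoted
        OldCertExpires         = $PrimaryNotAfter
        ImportWindowDays       = ($promoted - $generated).Days
        OldCertAsSecondaryDays = ($PrimaryNotAfter - $promoted).Days
    }
}

if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
    # On an AD FS server: read the configured thresholds and the primary signing cert.
    $props   = Get-AdfsProperties
    $primary = Get-AdfsCertificate -CertificateType Token-Signing |
               Where-Object IsPrimary | Select-Object -First 1
    Write-Output "AutoCertificateRollover enabled: $($props.AutoCertificateRollover)"
    $timeline = Get-RolloverTimeline -PrimaryNotAfter $primary.Certificate.NotAfter `
        -GenerationThresholdDays $props.CertificateGenerationThreshold `
        -PromotionThresholdDays  $props.CertificatePromotionThreshold
} else {
    # Anywhere else: constructed sample expiry date, thresholds from the post.
    $timeline = Get-RolloverTimeline -PrimaryNotAfter ([datetime]'2016-06-30 03:00')
}

$timeline | Format-List
$now = Get-Date
if ($now -lt $timeline.SecondaryGenerated) {
    'Only the primary certificate exists; nothing to import on the service provider yet.'
} elseif ($now -lt $timeline.PromotedToPrimary) {
    'Secondary certificate is available: add it to the service provider before the promotion date.'
} else {
    'Promotion date has passed: a service provider holding only the old certificate loses SSO until it is updated.'
}
```

The computed dates apply only while automatic rollover is enabled; with it disabled, as the poster chose, the certificate swap happens when an administrator performs it.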