Syncplicity Support

Search our knowledgebase to get the help you need, today

Follow

URGENT Action Required to Switch to New Syncplicity Signing Certificate

Overview

The following describes what's changing and the required actions.

For detailed information, check out this video on why and how to renew your Syncplicity signing certificate .

What is changing?

The existing Syncplicity Single Sign-On (SSO) digital signature verification certificate is expiring.

 

What action must I take?

From the following list, select your identity provider and follow the instructions:

  •  ADFS (Active Directory Federation Services)
  •  Azure AD
  •  Shibboleth
  • OneLogin and Okta
  • Other identity providers

When will these changes take effect?

The change will occur on January 4, 2024, from 8:00 PM to 12:00 AM Pacific Time.

What happens if I take no action?

If no action is taken, after January 4, 2024, your  users will no longer be able to authenticate to Syncplicity using SSO  (unless your SSO system does not check the SAML request signature). This will not affect users from Desktops and Mobile devices that have already logged in.

Who can I contact for further information?

If you have questions or need additional assistance, contact support@syncplicity.com.

Instructions

The following are instructions for different identity providers.

ADFS

The following steps describe the procedure for SSO with ADFS:

  1. Download SSO Certificate  to access the certificate file.
  2. Copy the entire certificate text and save it to a text file named sso-syncplicity-certificate-2024.cer.

Log in to the ADFS server:

  1. Open the Syncplicity Relying Party Trust→  Properties.
  2. Click the Signature tab.
  3. Click Add.
  4. Browse to where you downloaded the certificate (now named sso-syncplicity-certificate-2024.cer) and select it.
  5. Click OK on all the dialog prompts.
  6. On January 4, 2024, between 8 PM and 12 AM Pacific Time:

    1. Open the Syncplicity Relying Party Trust→  Properties.

    2. Click the Advanced tab.

    3. Click the drop down for Secure Hash Algorithm.

    4. Select SHA-256.

    5. Click OK on all of the dialog prompts.

See our video on why and how to renew your Syncplicity signing certificate for detailed information.

Azure AD

No action is required for this identity provider.

 

Shibboleth

The following steps describe the procedure for SSO with Shibboleth:

  1. Download SSO Certificate to access the certificate file. 
  2. Copy the entire certificate text and save it to a text file named sso-syncplicity-certificate-2024.cer.
  3. In your relying-party.xml, identify the metadata file pointed to by the MetadataFile attribute. For example, "/opt/shibboleth-idp/metadata/syncplicity.xml" in the following code:

     

    <MetadataProvider id="Syncplicity" xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" metadataFile="/opt/shibboleth-idp/metadata/syncplicity.xml" maintainExpiredMetadata="true" />

     

  4. Open the metadata file identified in the previous step and replace everything between the <X509Data> and </X509Data> tags with the contents of the sso-syncplicity-certificate-2024.cer file.
    NOTE: The certificate text string should be one single line.

OneLogin,Okta, SecureAuth, JumpCloud

No action is required for these identity providers.

Other identity providers

The following steps describe the procedure SSO for other identity providers, such as PingFederate, PingOne, CA SiteMinder, Centrify, Oracle OIF, and OpenAM.

  1. Download SSO Certificate to access the certificate file.
  2. Copy the entire certificate text and save it to a text file named sso-syncplicity-certificate-2024.cer.
  3. Log onto the identity provider server.
  4. Go to the Syncplicity service configuration.
  5. Under the signature verification section, browse the file system and upload the new Syncplicity SHA-256 certificate (sso-syncplicity-certificate-2024.cer).
  6. Ensure the algorithm used to verify the SAML request signature is set to SHA-256 (if your SSO system does not allow the simultaneous verification of SHA-256 signatures, then only make the algorithm selection changes during the January 4, 2024, 8:00 PM to 12:00 AM Pacific Time window).
Powered by Zendesk