Syncplicity Support

Follow

URGENT Action Required to Switch to New Syncplicity Signing Certificate

Overview

What is changing?

The existing Syncplicity Single Sign-On (SSO) digital signature verification certificate is expiring.

For a detailed information, check out this video on why and how to renew your Syncplicity signing certificate.

NOTE: You must enter your email address prior to viewing the video.

What action must I take?

From the following list, select your identity provider and follow the instructions:

When will these changes take effect?

The change will occur on January 10, 2019 from 8:00 PM to 11:00 PM Pacific Time.

What happens if I take no action?

If no action is taken, after January 10, 2019 your users will no longer be able to authenticate to Syncplicity using SSO (unless your SSO system does not check the SAML request signature). This will not affect users from Desktops and Mobile devices that have already logged in.

Who can I contact for further information?

If you have questions or need additional assistance, contact support@syncplicity.com.

 

=========================================================

Instructions

 

ADFS

The following steps describe the procedure for SSO with ADFS:

  1. Click here Download SSO Certificate to access the certificate file.
  2. Copy the entire certificate text and save it to a text file named sso-syncplicity-certificate-2019.cer.

Log in to the ADFS server:

  1. Open the Syncplicity Relying Party Trust→  Properties.
  2. Click the Signature tab.
  3. Click Add.
  4. Browse to where you downloaded the certificate (now named sso-syncplicity-certificate-2019.cer) and select it.
  5. Click OK on all the dialog prompts.
  6. On January 10, 2019 between 8:00 PM to 11:00 PM Pacific Time, perform the following steps:

    1. Open the Syncplicity Relying Party Trust→  Properties.
    2. Click the Advanced tab.
    3. Click the drop down for Secure Hash Algorithm.
    4. Select SHA-256.
    5. Click OK on all of the dialog prompts.

 

Shibboleth

The following steps describe the procedure for SSO with Shibboleth:

  1. Click here Download SSO Certificate to access the certificate file. 
  2. Copy the entire certificate text and save it to a text file named sso-syncplicity-certificate-2019.cer.
  3. In your relying-party.xml, identify the metadata file pointed to by the MetadataFile attribute. For example, "/opt/shibboleth-idp/metadata/syncplicity.xml" in the following code.
  4. Open the metadata file identified in the previous step and replace everything between the <X509Data> and </X509Data> tags with the contents of the sso-syncplicity-certificate-2019.cer file.
    NOTE: The certificate text string should be one single line.
<MetadataProvider id="Syncplicity" xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" metadataFile="/opt/shibboleth-idp/metadata/syncplicity.xml" maintainExpiredMetadata="true" />


OneLogin and Okta

No action is required for these Identity Providers.

Other Identity Providers

The following steps describe the procedure SSO for other identity providers, such as PingFederate, PingOne, CA SiteMinder, Centrify, Oracle OIF, and OpenAM:

  1. Click here Download SSO Certificate to access the certificate file.
  2. Copy the entire certificate text and save it to a text file named sso-syncplicity-certificate-2019.cer.
  3. Log onto the identity provider server.
  4. Go to the Syncplicity service configuration.
  5. Under the signature verification section, browse the file system and upload the new Syncplicity SHA-256 certificate (sso-syncplicity-certificate-2019.cer).
  6. Ensure the algorithm used to verify the SAML request signature is set to SHA-256 (if your SSO system does not allow the simultaneous verification of SHA-256 signatures, then only make the algorithm selection changes during the January 10, 2019, 8:00 PM to 11:00 PM Pacific Time window).

 

Instruction video

In order to view the video, please sign the guestbook

 

Powered by Zendesk