Most Single Sign-On (SSO) certificates will expire and need to be renewed at some point. However, Slate references your metadata from a publicly available URL; therefore, your IT team or SSO manager can update the certificate without any assistance from Technolutions.
SSO works based on a trust relationship between:
- An application (the service provider)
- An identity provider
This trust relationship is usually based on a certificate exchanged between the identity provider and the service provider. This certificate is used to sign identity information sent from the identity provider to the service provider to know it is coming from a trusted source. The certificate used must match your SAML response.
Slate checks the metadata every 20 minutes, and it will continue using the old metadata until it discovers that something has changed. When this change is made, users may be unable to log in for up to 20 minutes. For this reason, it is recommended that the certificate be updated outside of business hours.