Problem: ArcGIS Online SAML Authentication signing and encryption certificate renewal (2022)
ArcGIS Online has a new SAML signing and encryption certificate available. This certificate is necessary when an organization has enabled signed requests or encrypted assertions. The previous SAML signing and encryption certificate expires on September 25th, 2022, and action is required to ensure that your organization can continue to use its Enterprise Identity Provider (IDP). SAML enterprise logins that use the old certificate for signed requests or encrypted assertions continue to work until September 24th, 2022.
If the ArcGIS Online metadata file (which contains the new signing certificate) was not uploaded into the Identity Provider (IDP) before September 25th, 2022, and the “Enable Signed Request” option is enabled, an error occurs when organization members sign in to ArcGIS Online with an Enterprise SAML account. This error is an IDP-specific message displayed in place of the IDP sign-in page.
Solution or Workaround
During this transition, ArcGIS Online, as the Service Provider (SP), continued to accept the old certificate to keep services available. The organization's IDP must update its registration using the available ArcGIS Online SP metadata, which includes both the old and new signing certificates. Now that the transition period has ended, the IDP can be updated again after September 25th, 2022, to remove the old certificate if desired; this removal is not required.
To enable your IDP to discover the new certificates, available starting August 29th, 2022, you must re-register ArcGIS Online as your trusted service provider. The process varies by the SAML identity provider used; tutorials on how to do this can be found by following the links below, in the section titled “Register ArcGIS Online as the trusted service provider with [IDP name]”.
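After re-registering, it is worth confirming that the IDP trusts every signing certificate published in the SP metadata. The following is an added example, not Esri's code: the metadata document, the certificate bytes, and the set of fingerprints exported from the IDP are constructed assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed stand-ins for base64 DER certificates (not real ArcGIS Online keys).
OLD_CERT = base64.b64encode(b"constructed-old-sp-certificate").decode()
NEW_CERT = base64.b64encode(b"constructed-new-sp-certificate").decode()

def _key(use, cert):
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{cert}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

# Constructed SP metadata carrying old and new signing keys, as in the transition.
SAMPLE_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="sp.example">'
    '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key("signing", OLD_CERT) + _key("signing", NEW_CERT) + _key("encryption", NEW_CERT)
    + "</md:SPSSODescriptor></md:EntityDescriptor>")

def fingerprint(b64_cert):
    """SHA-256 over the decoded certificate bytes, ignoring line wrapping."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def sp_certificates(metadata_xml):
    """Map key use ('signing'/'encryption') to the set of certificate fingerprints."""
    found = {"signing": set(), "encryption": set()}
    root = ET.fromstring(metadata_xml)
    for kd in root.iter(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute applies to both purposes.
        uses = [kd.get("use")] if kd.get("use") else list(found)
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            for use in uses:
                found.setdefault(use, set()).add(fingerprint(cert.text or ""))
    return found

def missing_from_idp(metadata_xml, idp_trusted, use="signing"):
    """Fingerprints published by the SP for `use` that the IDP does not yet trust."""
    return sorted(sp_certificates(metadata_xml)[use] - set(idp_trusted))

if __name__ == "__main__":
    stale_idp = {fingerprint(OLD_CERT)}  # IDP registered before the renewal
    print("not yet trusted:", missing_from_idp(SAMPLE_METADATA, stale_idp))
```

An empty result means the IDP registration already covers every signing certificate in the metadata; a non-empty result identifies the certificates that signed requests would fail against.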
If you have any questions, please contact Esri Technical Support.
Last Published: 8/30/2022
Article ID: 000022078
Software: ArcGIS Online Current