X.509 Certificates

What is an X.509 Certificate and what does it do?

An X.509 certificate is a digital certificate that uses the X.509 public key infrastructure standard to verify whether a public key belongs to the user, computer or service identity contained within the certificate.

You will generate an X.509 certificate as part of the process of configuring SSO with your Identity Provider (IdP). The information contained in the X.509 certificate will be included as part of the Igloo side SSO configuration and will be placed in the “Public Certificate” field. Igloo will then compare the value in the Public Certificate field to the X.509 information contained in the SAML response from your IdP as part of the authentication process. The full information for the Igloo SSO configuration can be found here

What Can Go Wrong?

If the value on the Igloo side and the value being passed by your IdP do not match then the SSO authentication process will fail. The mismatch could happen for the following reasons:
1. The certificate entered on the Igloo side is incorrect. Perhaps the information was not copied and pasted correctly or was modified after being pasted.
2. The information that is put into Igloo is the wrong kind of information. There are some different types of certificates that might be generated in by your IdP and it is possible that the wrong type of certificate has been included in the Public Certificate field. An X.509 certificate should look like this:
whatisit1.png3. The certificate has changed on the IdP side. The value that has been entered in Igloo is static. This means that if the X.509 certificate is ever changed on the IdP side then the Igloo settings will not automatically be updated and must be modified manually. Many IdPs do periodically change these certificate values and you should check the policies for each IdP to see how often this can happens and for settings to control the rollover frequency.In each of these cases the resolution process will be the same: you will need to identify the correct X.509 certificate value and then insure that that correct value is represented in the Public Certificate field

What Can I Do?

The first step to troubleshoot certificate issues is to conduct a SAML Trace and then compare certificates between the SAML response you obtained and the values stored in your configuration in Igloo. If they do not match, update the one in your workplace. If they do, deeper investigation is likely necessary. Contact support@igloosoftware.com for assistance if needed.

Viewed 104 times