How to renew the Azure SAML IdP certificate on the firewall for GlobalProtect when it expires

Created On 10/13/22 06:34 AM - Last Modified 01/31/26 00:23 AM


Objective


•    Azure SAML IdP certificate for GlobalProtect with SAML authentication expires
•    Need to renew the Azure SAML IdP certificate on the firewall
 


Environment


•    Palo Alto Firewall
•    GlobalProtect with Azure SAML authentication profile


Procedure


  1. Delete the old certificate on the Azure SAML IdP side first.
  2. Export the new SAML metadata XML file (which now contains only the new certificate) from the Azure IdP.
  3. Import the new metadata XML file into the firewall through a new SAML Identity Provider profile.
  4. Navigate to Device > Certificate Management > Certificates and confirm that the Azure SAML IdP certificate was automatically renewed on the firewall.
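As an added pre-import check (example code written for this page, not part of the article and not Palo Alto Networks or Microsoft code), the script below parses the exported metadata XML, confirms it carries exactly one signing certificate and that the certificate has not already expired, and returns a SHA-256 fingerprint to compare with the certificate shown under Device > Certificate Management > Certificates after import. It uses only the Python standard library; the embedded certificate is a constructed DER skeleton, not a real Azure certificate, and the tenant ID in the entityID is a placeholder.

```python
# Added pre-import check for an Azure SAML IdP metadata export: exactly one signing
# certificate, not yet expired, plus its SHA-256 fingerprint for later comparison.
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def cert_not_after(der):
    """Return notAfter of a DER X.509 certificate using only the standard library."""
    tbs = _tlv(_tlv(der, 0)[1], 0)[1]            # Certificate -> tbsCertificate
    tag, _, pos = _tlv(tbs, 0)
    pos = pos if tag == 0xA0 else 0              # skip the optional [0] version
    for _ in range(3):                           # serialNumber, signature, issuer
        pos = _tlv(tbs, pos)[2]
    validity = _tlv(tbs, pos)[1]
    tag, value, _ = _tlv(validity, _tlv(validity, 0)[2])   # second Time is notAfter
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime vs GeneralizedTime
    return datetime.strptime(value.decode(), fmt).replace(tzinfo=timezone.utc)

def check_metadata(xml_text, now=None):
    """Return (sha256_hex, not_after) for the single signing cert; raise ValueError otherwise."""
    root = ET.fromstring(xml_text)
    certs = [kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
             for kd in root.iter(f"{{{NS['md']}}}KeyDescriptor")
             if kd.get("use", "signing") == "signing"]   # no use= means signing as well
    if len(certs) != 1:
        raise ValueError(f"expected exactly 1 signing certificate, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()))
    not_after = cert_not_after(der)
    if not_after <= (now or datetime.now(timezone.utc)):
        raise ValueError(f"signing certificate already expired on {not_after:%Y-%m-%d}")
    return hashlib.sha256(der).hexdigest(), not_after

# Constructed stand-in cert (not a real Azure cert): DER skeleton, v3, serial 1, valid to 2035-12-31.
_TBS = b"\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00\x30\x00\x30\x1e\x17\x0d220101000000Z\x17\x0d351231235959Z"
FAKE_CERT_DER = b"\x30" + bytes([len(_TBS) + 2]) + b"\x30" + bytes([len(_TBS)]) + _TBS
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
  entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/"><IDPSSODescriptor>
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
  {base64.b64encode(FAKE_CERT_DER).decode()}</ds:X509Certificate></ds:X509Data>
  </ds:KeyInfo></KeyDescriptor></IDPSSODescriptor></EntityDescriptor>"""
```

Run `check_metadata(open("metadata.xml").read())` against the file exported from Azure; a ValueError means the export should be corrected in Azure before it is imported into the firewall.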


Additional Information


NOTE: If the new metadata XML file is imported using the same SAML Identity Provider profile as the existing one, the import fails with the error:
Failed to parse IDP Metadata.

Make sure to import the new metadata XML file with a new profile.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kEVuCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail