You may need to update the X.509 public key certificate for communication with a single sign-on (SSO) Identity Provider (IdP) for security reasons. This certificate is contained within CrashPlan's metadata XML file. This article explains how to update the XML file so that the single sign-on certificate is also updated.
See our other articles to learn more about how to replace the self-signed certificate with a CA-signed certificate or to get an introduction to CrashPlan single sign-on.
Before you begin
Update the certificate on your Identity Provider before updating the CrashPlan XML file. Consult your specific identity provider's documentation for more information.
Update CrashPlan's certificate
You can update the single sign-on certificate either by allowing the CrashPlan console to update automatically on its regular interval or by removing your Identity Provider and re-adding it to the CrashPlan console. The option you choose depends on how quickly you need to update the certificate.
Option A: Wait for the CrashPlan console to update the XML metadata file automatically
In most cases, CrashPlan recommends waiting for the CrashPlan console to update the metadata file automatically. CrashPlan checks the Identity Provider metadata URL every 6 hours. If you updated the certificate on the Identity Provider, CrashPlan will update the XML file and certificate the next time it checks the metadata URL.
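To confirm that the Identity Provider's metadata already publishes the new certificate before relying on the automatic check (or before re-adding the provider), you can compare fingerprints of the signing certificates in the metadata XML. This is an added example, not CrashPlan code; it assumes standard SAML 2.0 metadata, and the function names and the sample metadata (placeholder bytes in place of a real certificate) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signing_cert_fingerprints(metadata_xml):
    """Return SHA-256 fingerprints (hex) of the IdP certificates usable for signing."""
    root = ET.fromstring(metadata_xml)
    fingerprints = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute applies to signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            # The base64 body is usually wrapped across lines; drop all whitespace.
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    return fingerprints

def metadata_has_cert(metadata_xml, expected_sha256):
    """True if the metadata publishes a signing certificate with this fingerprint."""
    wanted = expected_sha256.replace(":", "").lower()
    return wanted in signing_cert_fingerprints(metadata_xml)

def sample_metadata(der_bytes, use="signing"):
    """Constructed IdP metadata; der_bytes stands in for a real DER certificate."""
    b64 = base64.b64encode(der_bytes).decode()
    body = "\n".join(b64[i:i + 16] for i in range(0, len(b64), 16))
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">'
        '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>\n{body}\n'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '</md:IDPSSODescriptor></md:EntityDescriptor>'
    )

if __name__ == "__main__":
    new_cert = b"constructed-new-cert-bytes"  # placeholder, not a real certificate
    expected = hashlib.sha256(new_cert).hexdigest()
    # Metadata still serving the old certificate: the check fails.
    print(metadata_has_cert(sample_metadata(b"constructed-old-cert-bytes"), expected))
    # Metadata serving the new certificate: the check passes.
    print(metadata_has_cert(sample_metadata(new_cert), expected))
```

In practice, pass the XML downloaded from your Identity Provider metadata URL and the SHA-256 fingerprint of the certificate you installed on the Identity Provider.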
Option B: Re-add your Identity Provider
If you need to immediately update your certificate, delete and re-add your Identity Provider in the CrashPlan console.
- Sign in to the CrashPlan console.
- Go to Settings > Security.
- (CrashPlan environments with on-premises authority server only) Select the Single Sign-On tab.
- Select the identity provider, and note the current configuration (for example, attribute mappings and display name).
- Next to your identity provider, click delete this provider.
- Click Add Identity Provider or Federation.
- In Identity Provider metadata URL, enter the URL for the identity provider metadata XML file.
- Click Continue.
Additional Identity Provider settings appear.
- Set up the Identity Provider to match the previous configuration you noted in step 3:
- In Display name, enter an identity provider name.
- (Optional) Customize mappings between CrashPlan user attributes and identity provider SSO assertion attributes.
- Deselect Use default mapping.
- Configure mapping settings for each CrashPlan platform user attribute:
- Username: Specify the SSO identifier or attribute that maps to the CrashPlan username.
- Select Use nameId to use the SSO name identifier.
- Select Use Attribute tag to enter a custom SSO attribute.
- Email: Enter the SSO attribute that contains user email addresses.
- First name: Enter the SSO attribute that contains user first names.
- Last name: Enter the SSO attribute that contains user last names.
- Click Save.