Updating the AD FS certificates

Ops Center Installation and Configuration Guide

Version: 11.0.x
Part Number: MK-99OPS001-23
Run the AD FS command Update-AdfsCertificate to update the Token certificates. After updating the certificates, you must specify the metadata endpoint for AD FS from the Hitachi Ops Center Portal, and then update the information about AD FS registered in Common Services.
Note: For details about Token certificates and the command, see the AD FS documentation.
  1. Log in to the AD FS server.
  2. To change the update interval of Token certificates, run the following command in PowerShell:
    Set-AdfsProperties -CertificateDuration update-interval-(number-of-days)
    The change will take effect the next time the Token certificates are updated after you change the update interval.
    Example of 3 years:
    Set-AdfsProperties -CertificateDuration 1095
  3. If you want the change to take effect immediately, run the following command in PowerShell to update the Token certificates:
    Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent
    Update-AdfsCertificate -CertificateType Token-Signing -Urgent
  4. Log in to the Hitachi Ops Center Portal as the sysadmin user or as a user who is a member of the opscenter-administrators group.
  5. In the navigation bar, click Manage users.
  6. In Asset type in the Users window, click Identity providers.
  7. Click the Edit identity provider icon for the registered identity provider.
  8. For AD FS endpoint metadata URI, set the metadata endpoint for AD FS.
    For details on how to check the metadata endpoint, see Checking the AD FS metadata endpoint.
  9. Click Next without changing any other values.
  10. In the Edit identity provider - confirmation window, click Submit.
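
The following PowerShell script is an added example, not part of the original guide. It wraps steps 2 and 3 with a before-and-after check, so you can confirm that the primary Token certificates were actually replaced and that their lifetime matches the configured CertificateDuration. It assumes an elevated session on the AD FS server; the function and variable names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server.
# Uses only cmdlets from the ADFS module; helper and variable names are illustrative.
Import-Module ADFS

function Get-TokenCertSummary {
    # One row per Token-Signing / Token-Decrypting certificate known to AD FS.
    foreach ($type in 'Token-Signing', 'Token-Decrypting') {
        Get-AdfsCertificate -CertificateType $type | ForEach-Object {
            [pscustomobject]@{
                Type       = $type
                IsPrimary  = $_.IsPrimary
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.Certificate.NotAfter
                DaysLeft   = [int](($_.Certificate.NotAfter - (Get-Date)).TotalDays)
            }
        }
    }
}

$props = Get-AdfsProperties
if (-not $props.AutoCertificateRollover) {
    throw 'AutoCertificateRollover is disabled; Update-AdfsCertificate requires it to be enabled.'
}
"Configured CertificateDuration: $($props.CertificateDuration) days"

# Record the current primary certificates before the update.
$before = Get-TokenCertSummary | Where-Object IsPrimary

# Step 3 of the procedure: replace the primary Token certificates immediately.
Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent
Update-AdfsCertificate -CertificateType Token-Signing -Urgent

# Compare the new primary certificates with the recorded ones.
$after = Get-TokenCertSummary | Where-Object IsPrimary
foreach ($new in $after) {
    $old = $before | Where-Object Type -eq $new.Type
    if ($old.Thumbprint -eq $new.Thumbprint) {
        Write-Warning "$($new.Type): primary certificate did not change"
    }
    # A freshly generated certificate should be valid for about CertificateDuration days.
    if ([math]::Abs($new.DaysLeft - $props.CertificateDuration) -gt 1) {
        Write-Warning "$($new.Type): $($new.DaysLeft) days left, expected about $($props.CertificateDuration)"
    }
}
$after | Format-Table Type, Thumbprint, NotAfter, DaysLeft
```

The primary Token-Signing thumbprint printed at the end is the certificate that AD FS now publishes through its metadata endpoint, which is why steps 4 to 10 must follow the update.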