Updating AAD SAML Provider certificate in Jira Align shows old expiration date
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
After updating an Azure Active Directory (AAD) SAML Provider's certificate in Jira Align, the UI continues to display the old certificate's expiration date instead of the new certificate.
Diagnosis
After updating an AAD SAML Provider's certificate in Jira Align under Settings > Platform > Security > [saml_provider], the panel continues to display the old certificate expiration.
Cause
This issue can occur when both the new and old SAML Signing Certificates exist in AAD's SAML configuration.
In this case, the resulting SAML Metadata XML, which is downloaded from AAD and added to Jira Align, will contain both the new and old certificates. Jira Align will display the oldest certificate found in the metadata.
Solution
Jira Align will still be able to validate the new certificate from AAD since it has a copy of its public key. Therefore, customers should not experience any disruptions with access despite the old certificate information being displayed.
To resolve the issue:
1. In AAD, navigate to [Jira Align application] > Single sign-on > SAML Signing Certificate and click Edit.
2. Download copies of both the Inactive (expired) and Active certificates as a backup.
3. Delete the Inactive (expired) certificate.
4. Download a new copy of the SAML Metadata XML: under [Jira Align application] > Single sign-on > SAML Signing Certificate > Federation Metadata XML, click Download.
5. Update the SAML Provider configuration in Jira Align with the new metadata: go to Settings > Platform > Security > edit [saml_provider] and paste the metadata into SAML 2.0 Metadata. Save and Close.
6. Refresh the page and confirm the new cert expiration is now reflected in the UI.
7. Verify that SSO users can log in successfully.
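A check to run on the downloaded Federation Metadata XML before pasting it into Jira Align, given here as an added example that is not part of the original article or of any Atlassian or Microsoft tooling: it lists the distinct signing certificates in the metadata so you can confirm that only one remains. The sample metadata and certificate bytes are constructed placeholders, the function and variable names are hypothetical, and it assumes the thumbprint AAD displays is the SHA-1 of the DER-encoded certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

def signing_cert_thumbprints(metadata_xml):
    """Unique SHA-1 thumbprints of IdP signing certificates, in document order."""
    root = ET.fromstring(metadata_xml)
    thumbprints = []
    for idp in root.iter("{%s}IDPSSODescriptor" % MD):
        for key in idp.findall("md:KeyDescriptor", NS):
            # No "use" attribute means the key serves both signing and encryption.
            if key.get("use") not in (None, "signing"):
                continue
            for cert in key.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                # SHA-1 only identifies the certificate here; it is not a security check.
                thumb = hashlib.sha1(der).hexdigest().upper()
                if thumb not in thumbprints:
                    thumbprints.append(thumb)
    return thumbprints

# Constructed sample input: placeholder bytes, not real certificates.
OLD_CERT = b"constructed-placeholder-old-certificate"
NEW_CERT = b"constructed-placeholder-new-certificate"

def build_metadata(cert_blobs):
    """Build a minimal, constructed metadata document with one KeyDescriptor per blob."""
    keys = "".join(
        '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        + base64.b64encode(blob).decode()
        + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>"
        for blob in cert_blobs
    )
    return (
        '<EntityDescriptor xmlns="%s" xmlns:ds="%s" entityID="https://idp.example/">'
        '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        "%s</IDPSSODescriptor></EntityDescriptor>" % (MD, DS, keys)
    )

if __name__ == "__main__":
    for label, certs in (("before cleanup", [OLD_CERT, NEW_CERT]), ("after cleanup", [NEW_CERT])):
        found = signing_cert_thumbprints(build_metadata(certs))
        status = "OK" if len(found) == 1 else "more than one signing certificate"
        print(label, status, found)
```

To use it on a real download, pass the file's contents to signing_cert_thumbprints and compare the single thumbprint returned with the Active certificate's thumbprint in AAD.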