Failing to complete the update process by October 25, 2021 at 10:00 am Eastern will result in the loss of authentication and of the ability to use single sign-on at your institution for the Anthology Course Evaluations product.
The ADFS system will not accept the new metadata with the additional Shibboleth certificate. The metadata provided (via email) contained both the new and old certificates. Most IDP systems are able to consume and store both certificates; however, the ADFS system is recognizing the second certificate as a conflicting signature block within the metadata rather than as an additional one.
To mitigate this situation and to avoid any login impact during the certificate change, please follow the instructions outlined below. These instructions will walk you through manually adding the new certificate to your Relying Party Trusts configuration for the ADFS system.
The procedure for ADFS clients to update the certificate is below.
- Pre-configuration steps: Download the .cer file from here https://help.courseval.net/Public/cert/shib_ce_2031-cert.zip
- In Server Manager, click Tools, and then select AD FS Management.
- In the left navigation pane, click Relying Party Trusts.
- Right-click on the entry related to your Course Evaluations SSO, and select Properties.
- Select the Signature tab.
- Click on Add at the bottom of that page.
- Browse to the .cer file you downloaded earlier and select it.
- Once that is completed and the new certificate is showing in the Signature tab, you can select the previous certificate and select Remove.
- Click on Apply, then OK to close the window.
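The same change can be made from an elevated PowerShell session on the AD FS server with the built-in AD FS cmdlets. This is an added example, not part of the original notice or vendor-supplied code; the trust name and the .cer path are placeholders you must replace, and the script checks the certificate and the target trust before changing anything.

```powershell
# Added example. $TrustName and $CerPath are placeholders, not values from the notice.
$TrustName = 'Course Evaluations SSO'         # assumption: your trust's display name
$CerPath   = 'C:\Temp\new-signing-cert.cer'   # assumption: where you extracted the .cer

# Load the downloaded certificate and show what is about to be trusted.
$new = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CerPath)
$new | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# Refuse a certificate that is outside its validity window.
$now = Get-Date
if ($now -lt $new.NotBefore -or $now -gt $new.NotAfter) {
    throw "Certificate $($new.Thumbprint) is not currently valid."
}

# Resolve exactly one relying party trust so the change cannot hit the wrong entry.
$rp = @(Get-AdfsRelyingPartyTrust -Name $TrustName)
if ($rp.Count -ne 1) {
    throw "Expected one trust named '$TrustName', found $($rp.Count)."
}
$rp = $rp[0]

# Current request-signing certificates (the Signature tab), ignoring empty entries.
$current = @($rp.RequestSigningCertificate | Where-Object { $_ })
Write-Host "Before: $($current.Thumbprint -join ', ')"

# Add the new certificate next to the existing one unless it is already there.
if ($current.Thumbprint -notcontains $new.Thumbprint) {
    Set-AdfsRelyingPartyTrust -TargetName $rp.Name `
        -RequestSigningCertificate ($current + $new)
}

# Read the trust back and confirm the new thumbprint is present.
$after = @((Get-AdfsRelyingPartyTrust -Name $TrustName).RequestSigningCertificate)
if ($after.Thumbprint -notcontains $new.Thumbprint) {
    throw 'New certificate was not stored on the trust.'
}
Write-Host "After:  $($after.Thumbprint -join ', ')"

# Equivalent of the Remove step: keep only the new certificate.
# Set-AdfsRelyingPartyTrust -TargetName $rp.Name -RequestSigningCertificate $new
```

Compare the printed thumbprint with a value confirmed by the vendor through a separate channel before running the Set step.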
I’m not sure who should take care of this?
If you are not the appropriate person to handle updating the metadata, please forward this message to your institution’s authentication manager or Director of IT.
Why is this process different for ADFS users?
For context: when your Course Evaluations site is configured for SSO using the SAML option, users who hit the login page are sent over to your IDP for authentication, and our system (as the service provider) sends along a signature to verify that they are coming from the trusted party you have configured in your IDP. The certificate used to create that signature is the one we are changing, and our method of doing so was meant to impact as few clients as possible.
I still have questions, who can I speak to?
If you'd like to learn more, please create a support case via this form.