
DynaTrace SAML certificate upload

MichalP
Newcomer

Hi, 

I am working with DynaTrace along with Azure. I have followed the steps in the documentation and downloaded the official cert, then I uploaded it in the SAML-based Sign-on section (in Verification certificates (optional)), as per the documentation.

Then users could not log in. I then created a new cert in the Token signing certificate section, but users got a 400 error.

How can I upload cert to make it work? 

I still have that information after logging; 

[Screenshots: sso.png, c2.png, 400.png]

10 REPLIES

AntonPineiro
DynaMight Guru

Hi,

Sharing this in case it is useful.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

Actually I have gone through this page, but no success. Any other suggestions?

PacoPorro
Dynatrace Champion

Did you try to disable "Require Verification Certificates" in Azure?
https://docs.dynatrace.com/docs/shortlink/mandatory-saml-cert-migration#require-verification-certifi...

In fact it is disabled by default, all the time in Microsoft Entra. If I switch it on, users lose connectivity.

[Screenshot: ccc.png]

Is the certificate on the page useful at all in this case?

PacoPorro
Dynatrace Champion

@MichalP wrote:

Is the certificate on the page useful at all in this case?


As per the doc:

Dynatrace SSO will use the old certificate when signing SAML messages until you perform the migration described in this document. In such cases, adding the new certificate and enabling the "Require Verification Certificates" option will break the federation because Azure would attempt to verify the signature using the new certificate. In contrast, SSO would still use the same one. To transparently switch the signing certificate while retaining the signature verification, please add both certificates - the old one (down below) and the new one (provided above). Having both certificates in place, Azure would choose the right one, regardless of which one SSO used to sign the SAML message.



Can you pls provide the source of this article? 

PacoPorro
Dynatrace Champion

As recommended by @tijust1 , your option is a support ticket.

I have tried to upload both but still the same error.

[Screenshot: MichalP_0-1708443184862.png]

tijust1
Advisor

@MichalP No other choice except to open a support ticket and involve a Dynatrace engineer. I feel that's the only way to fix this. I have updated but didn't encounter this kind of issue.

Dynatrace Professional Certified
