This document describes how to generate a Single Sign-On (SSO) certificate that has expired.
Cisco recommends that you have knowledge of CloudCenter Release prior 18.104.22.168
The information in this document is based on all CloudCenter versions before 22.214.171.124
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Problem: Login fails with "Invalid username or Password"
Login fails with "Invalid username or Password" despite the correct password and username being used. This is caused by an expired Single Sign-on certificate. 126.96.36.199 includes a fix to where the certificates do not expire.
Steps to update the certificate:
Step 1. Upload the attached file (samlKeystore.jks) to the CCM. In case of HA mode, upload the file to both CCMs.
# cd /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/ & mkdir ./security
# cp /tmp/samlKeystore.jks security/
Step 2. Repackage the Cliqr Security library. In this example, we are using version 4.7.2.