This document describes how to generate a Single Sign-On (SSO) certificate that has expired.
Cisco recommends that you have knowledge of CloudCenter Release prior 184.108.40.206
The information in this document is based on all CloudCenter versions before 220.127.116.11
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Problem: Login fails with "Invalid username or Password"
Login fails with "Invalid username or Password" despite the correct password and username being used. This is caused by an expired Single Sign-on certificate. 18.104.22.168 includes a fix to where the certificates do not expire.
Steps to update the certificate:
Step 1. Upload the attached file (samlKeystore.jks) to the CCM. In case of HA mode, upload the file to both CCMs.
# cd /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/ & mkdir ./security
# cp /tmp/samlKeystore.jks security/
Step 2. Repackage the Cliqr Security library. In this example, we are using version 4.7.2.