Changes to be made in the eMAM system upon renewal of the ESSO certificate using WS-FED

Follow the steps below to bring the ESSO login page back up after a certificate renewal.

1. Obtain the certificate in cer format. If it is in txt format, it may be saved with a cer extension.
    If the certificate is unavailable, it can be retrieved from the WS-FED metadata link.
  •  Access the metadata link, e.g. https://domain:8443/nidp/wsfed/metadata.
  •  Copy the value under the <ds:X509Certificate> tag.
  •  Paste it into a text editor and save the file with a cer extension. This is the certificate file.

2. On the eMAM web server, open the Certificate Manager (certmgr.msc) and install the certificate under Trusted People.
 
 
3. Open the certificate file and obtain the hexadecimal Thumbprint value of the certificate from the Details tab.

 
 
4. Open the eMAM Gateway config file in C:\Program Files\Empress Media\eMAM Gateway. Find the <trustedIssuers> tag and enter the new Thumbprint value.

Eg:
    <trustedIssuers>
      <add thumbprint="6949934283c6dc35b800de09a76d03153110e701" name="https://domain:8443/nidp/saml2/metadata" />
    </trustedIssuers>

    Save the file.
 
Now check whether the SSO login page works fine.
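
Steps 1, 3 and 4 can be scripted so that the thumbprint is computed from the certificate rather than copied by hand. The PowerShell below is an added example, not part of the eMAM documentation. The parameter names, the output file name and the choice of the certificate with the latest expiry date are assumptions, and the Gateway config file path must be supplied because the page does not name the file.

```powershell
# Added example: extract the renewed certificate from saved WS-FED metadata,
# check it, and compare its thumbprint with <trustedIssuers>. Read-only on the config.
param(
    [Parameter(Mandatory)][string]$MetadataPath,   # saved copy of the WS-FED metadata XML
    [Parameter(Mandatory)][string]$GatewayConfig,  # full path to the eMAM Gateway config file
    [string]$CerPath = (Join-Path (Get-Location) 'esso-renewed.cer')  # assumed output name
)

# Keep only hex digits: drops spaces and the invisible U+200E mark that the
# certificate Details tab can prepend when a thumbprint is copied by hand.
function Normalize-Thumbprint([string]$Value) {
    ($Value -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
}

# Step 1: decode every <ds:X509Certificate> value found in the metadata.
[xml]$metadata = Get-Content -LiteralPath $MetadataPath -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($metadata.NameTable)
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
$certs = foreach ($node in $metadata.SelectNodes('//ds:X509Certificate', $ns)) {
    $der = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
}
if (-not $certs) { throw "No <ds:X509Certificate> element found in $MetadataPath" }

# Metadata can carry more than one certificate; list them all for review.
$certs | Format-Table Subject, NotBefore, NotAfter, Thumbprint -AutoSize

# Assumption: the renewed certificate is the one with the latest expiry date.
$new = $certs | Sort-Object NotAfter -Descending | Select-Object -First 1
if ($new.NotAfter -lt (Get-Date)) { throw 'Newest certificate in the metadata has already expired' }
[IO.File]::WriteAllBytes($CerPath, $new.RawData)   # DER-encoded .cer file for step 2

# Steps 3 and 4: compare the computed thumbprint with the configured ones.
$newThumb = Normalize-Thumbprint $new.Thumbprint
[xml]$config = Get-Content -LiteralPath $GatewayConfig -Raw
$trusted = $config.SelectNodes('//trustedIssuers/add') |
    ForEach-Object { Normalize-Thumbprint $_.GetAttribute('thumbprint') }
if ($trusted -contains $newThumb) {
    "OK: $newThumb is listed in <trustedIssuers>"
} else {
    "MISMATCH: <trustedIssuers> has '$($trusted -join ', ')', expected '$newThumb'"
}
```

A MISMATCH result after editing the config usually means the old thumbprint is still present or the pasted value contains a hidden character.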