Syncplicity Support

Follow

URGENT Action Required to Switch to New Syncplicity Signing Certificate

What is changing?

  • The existing Syncplicity SSO digital signature verification certificate is expiring
  • Syncplicity SSO SAML requests will be signed using the SHA-256 algorithm

What action must I take?

When will these changes take effect?

The change will occur on December 9th 2015 from 5:00 PM to 9:00 PM Pacific Time.

What happens if I take no action?

If you take no action, after December 9th 2015 your users will no longer be able to authenticate to Syncplicity using SSO (unless your SSO system does not check the SAML request signature).

Who can I contact for further information?

If you have questions or need additional assistance, please contact support@syncplicity.com

====================================================

 

ADFS

  • Click here to access the certificate file (Note: the certificate was updated on December 4th, 2015 and if the certificate was downloaded prior to this date it will need to be re-downloaded)
  • Copy the entire certificate text and save it to a text file named sso_sha2_syncplicity_com.cer

  • Log onto the ADFS server

    • Go to the Syncplicity Relying Party Trust --> Properties

    • Click on Signature tab

    • Click on Add

    • Browse to where you downloaded the certificate, now named sso_sha2_syncplicity_com.cer and select it

    • Click “OK” on all the dialog prompts

    • On December 9th, 2015 between 5:00 PM to 9:00 PM Pacific Time:

      • Go to the Syncplicity Relying Party Trust --> Properties

      • Click on Advanced tab

      • Click drop down for “Secure Hash Algorithm”

      • Select “SHA-256”

      • Click “OK” on all the dialog prompts

Shibboleth

  • Click here to access the certificate file (Note: the certificate was updated on December 4th, 2015 and if the certificate was downloaded prior to this date it will need to be re-downloaded)
  • Copy the entire certificate text and save it to a text file named sso_sha2_syncplicity_com.cer.txt
  • In your relying-party.xml, identify the metadata file pointed to by the MetadataFile attribute e.g. "/opt/shibboleth-idp/metadata/syncplicity.xml" in the snippet below:
<MetadataProvider id="Syncplicity" xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" metadataFile="/opt/shibboleth-idp/metadata/syncplicity.xml" maintainExpiredMetadata="true" />
  • Open the metadata file identified in the previous step and replace everything between the <X509Data> and </X509Data> tags with the contents of the sso_sha2_syncplicity_com.cer.txt file 

  • Note that the certificate text string should be one single line

OneLogin and Okta

  • No action is required for these Identity Providers

All Other Identity Providers (PingFederate, PingOne, CA SiteMinder, Centrify, Oracle OIF, OpenAM, etc.)

  • Click here to access the certificate file (Note: the certificate was updated on December 4th, 2015 and if the certificate was downloaded prior to this date it will need to be re-downloaded)
  • Copy the entire certificate text and save it to a text file named sso_sha2_syncplicity_com.cer
  • Log onto the identity provider server
  • Go to the Syncplicity service configuration
  • Under the signature verification section, browse the file system and upload the new Syncplicity SHA-256 certificate (sso_sha2_syncplicity_com.cer)
  • Ensure that the algorithm used to verify the SAML request signature is set to SHA-256 (if your SSO system does not allow the simultaneous verification of both SHA-1 and SHA-256 signatures, then only make the algorithm selection change during the December 9th 2015 from 5:00 PM to 9:00 PM Pacific Time window)

 

Powered by Zendesk