SAML SSO Certificates Test

The eG manager uses SAML (Security Assertion Markup Language) Single Sign-On (SSO) certificates (digital certificates) to establish trust and secure communication between an Identity Provider (IdP) and a Service Provider (SP) when the SSO feature is enabled in eG Enterprise. The SAML SSO certificate is primarily used to digitally sign SAML authentication responses and sometimes encrypt the responses so the receiving system can verify that the message is authentic and has not been altered. The SAML SSO certificates ensure secure user authentication, protect sensitive identity data, and maintain trust between integrated applications, enabling seamless and secure single sign-on across multiple systems. If a SSO certificate expires, SSO authentication will fail, preventing users from accessing the system. When a certificate is close to expiry, it increases the risk of unexpected login issues. This is why, administrators should proactively tracking and renewing certificates before they expire helps avoid downtime, maintain security, and ensure continuous, secure access to the systems. The SAML SSO Certificates test can help administrators in this regard!

This test automatically discovers SSO certificates in the environment and reports the number of days remaining before each certificate expires. By clearly showing how much validity time is left, this test helps administrators easily identify certificates that are nearing expiration and allow them to renew or replace the certificates in advance.

Note:

This test will report metrics only if the Single Sign-On feature is enabled in the eG manager.

Target of the test : The eG Manager

Agent deploying the test : An internal/remote agent

Outputs of the test : One set of results for each SSO certificate used by the eG manager

Configurable parameters for the test
Parameter Description

Test period

How often should the test be executed .

Host

The host for which the test is to be configured.

Port

The port number at which the specified host listens.

Show Expired Certificates

By default, this flag is set to No indicating that this test will report metrics for the certificates that are actively used by the eG manager. However, administrators can set this flag to Yes if they wish to review outdated certificates for troubleshooting, auditing, or cleanup purposes.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Days to SAML SSO certificate expiry

Indicates the number of days from the current day for which this SSO certificate will be valid.

Number

A high value is preferred for this measure. A low value of this measure indicates that the SSO certificate is nearing expiry soon and administrators should update the certificate as soon as possible.