Notice from Adobe about IdP SHA-1 certificates

Richard Frovarp richard.frovarp at ndsu.edu
Wed Jul 15 21:57:02 UTC 2020 

I don't think that's what that message means. I provided them with a SHA-256 cert when we set this up under a year ago. That's the only cert my IdP has. If I download their SP metadata, it has a SHA-1 cert.

So I think the problem is with their cert through Okta.

On Wed, 2020-07-15 at 21:52 +0000, Yeargan, Yancey wrote:
Just a heads-up. I received this notice from Adobe saying that identity provider certificates must be signed using SHA-256 by end of October.

Yancey Yeargan
UNIVERSITY OF NORTH TEXAS SYSTEM



From: Adobe <mail at mail.adobe.com>
Reply-To: Adobe <camp at mail.adobe.com>
Date: Wednesday, July 15, 2020 at 4:08 PM
Subject: ACTION REQUIRED: Discontinued Support of Deprecated IdP Certificates

ACTION REQUIRED: Discontinued Support of Deprecated IdP Certificates


[Adobe]

To Systems Administrator:

As of October 31, 2020, Adobe will discontinue support of deprecated SHA-1 certificates for federated directories within Adobe Admin Consoles. It has been confirmed that your organization has one or more federated directories utilizing a deprecated SHA-1 certificate, or a directory that was converted as part of the SHA-256 Pilot, that requires migration prior to the support expiration.

Migration of federated directories to SHA-256 protocol aligns with industry standard, providing a more secure and direct integration with Adobe of your directory's authentication profiles. A self-service feature<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0ee&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101584482&sdata=u6A4QuW3FKIH0bJsWfWFe5pnKalWTl31PktV0g%2B2qMs%3D&reserved=0> is available in the Adobe Admin Console that allows your organization to seamlessly migrate from a SHA-1 to a SHA-256 certificate requiring no down time and the ability to test prior to integration. With this solution, you can leverage the same directory as well as integrate directly with your identity provider, such as Azure, Google or any SAML 2.0 provider. Within the Admin Console, any directories with a SHA-1 or SHA-256 Pilot certificate are now indicated with an icon and banner notification to alert your administrators to which directories require an update. Learn more about the migration process and steps to proceed here<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0ef&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101594476&sdata=gtpcQi4gELTMi9NN7LbvLErkoqwHJ%2BZIW%2BdyA70me%2F8%3D&reserved=0>.
[PLACEHOLDER IMAGE]<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0f0&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101594476&sdata=On8cYyxAvra55iqdexHhOyWJ4OXO2T75yrpskVTCkQ0%3D&reserved=0>




What do I need to do?

Migrate all federated directories with a SHA-1 or SHA-256 Pilot certificate to an updated IdP configuration.

When do I need to take action?

By October 31, 2020.

What happens if I don’t take action by the required date?

As of November 01, 2020, any directories not migrated will no longer be supported by Adobe. Customers must immediately migrate to an updated configuration to be in compliance and for directory support.




Visit Adobe’s Enterprise Administration User Guide<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0f1&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101604469&sdata=Y24o%2BojFNGH5GxgNIPYTBo1Hm%2BFcizFUwqCuVrbDezY%3D&reserved=0> to learn more about the self-service feature and steps to complete the required update. Enterprise customers can also input a support ticket via the Adobe Admin Console<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0f2&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101604469&sdata=6xocQzZ4njlDpDGNFqAOluXDaRRXI6jEo%2BzB1uNU7wI%3D&reserved=0> for assistance with the migration.

[Enabled by Adobe Campaign]
[Join the conversation][Twitter]<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0f3&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101614468&sdata=zgEf2JuTFiflx%2BCvhd4MsBg8fXfD9RcxVMelV6DMWqg%3D&reserved=0>[Facebook]<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0f4&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101614468&sdata=S0XdTHrGH7Sl3L8JdiMi18%2FDG%2BsUD1%2B%2FW31SogQu%2F%2Bk%3D&reserved=0>[Blog]<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0f5&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101624461&sdata=EdbyJb7%2BpTl0O1SplzwZZxkz08nB%2F7uA6iOeTJN0WNk%3D&reserved=0>[LinkedIn]<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0f6&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101624461&sdata=rwIH3oVmYIDr8sd%2BsC%2BTryZgBfdm0PKs8M77MBjyU9Y%3D&reserved=0>
Adobe, the Adobe logo, the Adobe PDF logo, Acrobat, Creative Cloud, and the Creative Cloud logo are either registered trademarks or trademarks of Adobe in the United States and/or other countries. All other trademarks are the property of their respective owners.

Adobe, 345 Park Avenue, San Jose, CA 95110 USA

To ensure email delivery, add mail at mail.adobe.com<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fadobeint-mkt-prod1-t.campaign.adobe.com%2Fr%2F%3Fid%3Dh924b6f5%2C12f23aeb%2C12f2d0f7&data=02%7C01%7Cyancey.yeargan%40untsystem.edu%7C35b57214509949b196f408d829033910%7C70de199207c6480fa318a1afcba03983%7C0%7C1%7C637304441101634452&sdata=6daZiPYz4LtNAV1BO6vJKPmWTYzWv9LEz2F2gRz8dZ4%3D&reserved=0> to your address book, contacts, or safe sender list.
[https://adobeint-mkt-prod1-t.campaign.adobe.com/r/?id=h924b6f5,12f23aeb,1]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200715/cdc23cfc/attachment.htm>

More information about the users mailing list