XenMobile SAML Certificate


When you configure the base settings in the CLI, you create an internal PKI which is composed of:

  • A root certificate
  • An intermediate certificate to issue device certificates during enrollment
  • An intermediate certificate to issue an SSL certificate
  • An SSL certificate for your connectors
  • A Node Identification certificate for cluster node client auth

The SAML Certificate is created:

 

What is the SAML Certificate?

The SAML Certificate is needed if you want to use ShareFile Secure Apps with SSO.

In fact you will need to export this certificate from your XMS server and import it on the ShareFile Control Plane.

By default, this SAML Certificate, which is self-signed, has the name XMS.example.com:

 

Where is the certificate?

I saw the issue of a missing SAML certificate at a customer, and to be honest it was the first time.

But as the customer uses the ShareFile Secure App, we need this certificate for the ShareFile SAML configuration.

It could be a cosmetic issue, even if I doubt that, so how can we confirm whether the SAML certificate is present?

You need to know that this Certificate is not stored locally on the XMS server but in the Database.

So you need to connect to your SQL server and point to the XMS Database:

Expand Tables and point to dbo.certificate

Right-click it and choose Select Top 1000 Rows

After the SQL query has run, you should see all your certificates, with the SAML certificate in first position

 

If the Certificate is not here?

 

What to do if the SAML Certificate is not present in the Database?

You can recreate it manually from the Web Admin Console by following these steps:

Connect to your Web Admin Console

Go in Settings / Certificates

Click on Add / Server,self-signed

Select 2048 for the Key length, provide a Name *, choose the validity (default is 10 years) and click on Create

 

Note: The default name is XMS.example.com. You can change it if you want: as it’s a self-signed certificate that will be imported into the ShareFile Control Plane, the name has no importance.

Now you can see your SAML Certificate in the console (and in the DB)
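
Before importing the exported certificate into the ShareFile Control Plane, its properties can be checked against the values chosen above. The script below is an added example, not part of the original post or of any Citrix tooling. It assumes the export is a PEM file and that openssl is installed; the function names and the generated sample certificate are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: sanity checks on an exported XenMobile SAML certificate.
# Assumption: the export is a PEM file and the openssl CLI is available.

# check_saml_cert FILE [MIN_BITS] [WARN_DAYS]
# Returns 0 when subject equals issuer, the key has at least MIN_BITS bits
# and the certificate stays valid for WARN_DAYS more days; 1 when a check
# fails; 2 when FILE cannot be parsed as a certificate.
check_saml_cert() {
  local pem="$1" min_bits="${2:-2048}" warn_days="${3:-30}"
  local subject issuer bits rc=0

  openssl x509 -in "$pem" -noout 2>/dev/null || { echo "FAIL: unreadable PEM: $pem"; return 2; }
  subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  bits=$(openssl x509 -in "$pem" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')

  echo "subject: $subject"
  echo "expires: $(openssl x509 -in "$pem" -noout -enddate | sed 's/^notAfter=//')"
  echo "sha256 : $(openssl x509 -in "$pem" -noout -fingerprint -sha256 | sed 's/^.*=//')"

  # A self-signed certificate carries the same name as subject and issuer.
  [ "$subject" = "$issuer" ] || { echo "FAIL: issuer differs: $issuer"; rc=1; }
  # Key length; 2048 is the value selected in the console steps.
  [ "${bits:-0}" -ge "$min_bits" ] || { echo "FAIL: key is ${bits:-unknown} bits"; rc=1; }
  # -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null \
    || { echo "FAIL: expires within $warn_days days"; rc=1; }
  return "$rc"
}

# Constructed sample: a throwaway certificate using the values named in the
# text (2048-bit key, CN XMS.example.com, 10 years); not a real export.
make_sample_cert() {
  local dir="$1" days="${2:-3650}"
  openssl req -x509 -newkey rsa:2048 -nodes -days "$days" -subj "/CN=XMS.example.com" \
    -keyout "$dir/sample.key" -out "$dir/sample.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" && check_saml_cert "$demo_dir/sample.pem"
```

The printed SHA-256 fingerprint can be used to confirm that the file on the importing side is the same certificate that was exported.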

 

Note: This information is provided based on my own experience.