How to Update SAML SP Certificates in Joomla

Here we will explain how to update the SAML Service Provider (SP) certificates in Joomla using the miniOrange SAML plugin.

Overview

You can update the SP certificates using one of the following methods:

Follow the Steps Below:

Log in to Joomla Admin Panel
- Go to your Joomla Administrator dashboard
Navigate to Plugin Settings
- Go to: Components → miniOrange SAML Single Sign-On
Open Custom Certificate Tab
- Click on the Custom Certificate tab
Upload Certificate Details
- X.509 Public Certificate
  - Open the sp-certificate.crt file in a text editor
  - Copy the complete content (including: —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–)
  - Paste it into the Public Certificate field
- X.509 Private Key
  - Open the sp-key.key file
  - Copy the complete content
  - Paste it into the Private Key field
Save Changes
- Click the Upload button to apply changes

Use this method if you prefer manual configuration or are not using the UI upload option.

For miniorange SAML SP Standard Plugin Plan

Go to: [Joomla-Root]/plugins/authentication/miniorangesaml/saml2/cert/

For miniorange SAML SP Premium / Enterprise Plugin

You must update certificates at both of the following locations:

Authentication plugin directory: [Joomla-Root]/plugins/authentication/miniorangesaml/saml2/cert/
User plugin (SAML Logout) directory: [Joomla-Root]/plugins/user/samllogout/cert/

Upload and overwrite the following files in the required directory/directories:

Before replacing, download and save the existing cert folders from all locations

Important Notes:

Standard Plan: Update certificates in one location only
Premium / Enterprise Plan: Update certificates in both directories, otherwise SAML logout or related flows may fail

After updating the certificates in Joomla:

Upload the new Public Certificate (sp-certificate.crt) to your Identity Provider (IdP)
This step is required to maintain secure SAML communication