How to update Zivver SAML metadata and verify in ADFS

Introduction

Your organization uses Single Sign-On to log users in to Zivver via ADFS. Your Identity Provider (IdP) and Zivver, the Service Provider (SP), exchange metadata. This metadata contains the information the IdP and Zivver need to trust each other. The metadata is signed with a certificate. The current Zivver certificate expires on December 3rd 2021.

There are two different methods of updating the Zivver metadata in ADFS.

  1. How to update the Zivver metadata in ADFS via URL - Recommended
  2. How to update the Zivver metadata in ADFS via XML import

How to update the Zivver metadata in ADFS via URL

Updating the Zivver metadata in ADFS via URL can be done in three ways. Choose the method that suits your preference.

  1. Automatically - Recommended
  2. PowerShell
  3. Manually (via user interface)

Automatically

When the monitoring features are enabled, ADFS monitors for new metadata every 24 hours (1440 minutes) by default. You can see how often ADFS checks for new metadata by running the PowerShell command:

Get-ADFSProperties | select MonitoringInterval

Do these steps to set up automatic monitoring for Zivver metadata.

  1. Open ADFS Management Console
  2. Open Trust Relationships > Relying Party Trusts
  3. Right-click the Zivver relying party trust and select Properties
  4. Open the tab Monitoring
  5. At Relying party’s federation metadata URL: enter the URL https://app.zivver.com/api/sso/saml/meta
  6. Click Test URL
    If you see the error message "An error occurred during an attempt to read the federation metadata. Verify that the specified URL or host name is a valid federation metadata endpoint. Do a check on your proxy server setting. For more information […]", add this registry key to the AD FS server. Then, reboot the server.
    Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
    DWORD name: SchUseStrongCrypto
    Value: 1
  7. Select Monitor relying party
  8. Also select Automatically update relying party
  9. Click Apply

The metadata should be updated after 24 hours. Verify the metadata is updated.

PowerShell

  1. Start a PowerShell command line with elevated rights
  2. Run command:
    Update-AdfsRelyingPartyTrust -TargetIdentifier "https://app.zivver.com/SAML/Zivver"

The metadata should be updated. Verify the metadata is updated.

Manually (via user interface)

  1. Open ADFS Management Console
  2. Open Trust Relationships > Relying Party Trusts
  3. Right-click the Zivver relying party trust and select Update from Federation Metadata…
  4. Click Update

The metadata should be updated. Verify the metadata is updated.

How to update the Zivver metadata in ADFS via XML import

If updating the Zivver metadata via URL is not an option, you can download the new Zivver metadata and import that into ADFS via PowerShell.

  1. Open a modern browser like Google Chrome
  2. Go to https://app.zivver.com/api/sso/saml/meta
  3. Download the metadata as an .xml file via Ctrl + S or, when using Chrome, via the hamburger menu in the top right corner > More Tools > Save page as…
    Make sure the file is saved with .xml as file extension. The file name is often meta.xml.
  4. Transfer the meta.xml file to the ADFS server
  5. Start a PowerShell ISE instance with elevated rights
  6. Run this script:
    Make sure the meta.xml file is stored directly on the C-drive.

    $metadataPath = "c:\meta.xml"
    $zivverIdentifier = "https://app.zivver.com/SAML/Zivver"
    Update-AdfsRelyingPartyTrust -TargetIdentifier $zivverIdentifier -MetadataFile $metadataPath
    

The metadata should be updated. Verify the metadata is updated.

How do I verify the metadata is updated?

  1. Open ADFS Management Console
  2. Open Trust Relationships > Relying Party Trusts
  3. Right-click the Zivver relying party trust and select Properties
  4. Open the tab Encryption
  5. Verify the Expiration date is 11/15/2026 or 15/11/2026 depending on your date and time settings.
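
The same verification can be done from PowerShell. The script below is an added example, not part of the original Zivver instructions: it reads the certificates from a downloaded metadata file and checks whether the ADFS trust holds them. It assumes the file is at c:\meta.xml as in the XML import steps, that it is standard SAML 2.0 metadata with a single EntityDescriptor whose entityID equals the relying party identifier, and that it runs elevated on the ADFS server.

```powershell
# Added example: compare certificates in a downloaded metadata file with the ADFS trust.
$metadataPath     = "c:\meta.xml"                          # path used in the XML import steps
$zivverIdentifier = "https://app.zivver.com/SAML/Zivver"   # identifier used on this page

[xml]$meta = Get-Content -Path $metadataPath -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($meta.NameTable)
$ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
$ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")

# Stop if the file describes a different entity than the relying party trust
# (assumption: the trust identifier is the metadata entityID).
$entity = $meta.SelectSingleNode("//md:EntityDescriptor", $ns)
if (-not $entity) { throw "No EntityDescriptor found in $metadataPath" }
$entityId = $entity.GetAttribute("entityID")
if ($entityId -ne $zivverIdentifier) {
    throw "entityID '$entityId' does not match '$zivverIdentifier'"
}

# Certificates advertised in the metadata, with their declared use (signing / encryption).
$fileCerts = foreach ($kd in $meta.SelectNodes("//md:SPSSODescriptor/md:KeyDescriptor", $ns)) {
    $node = $kd.SelectSingleNode(".//ds:X509Certificate", $ns)
    if (-not $node) { continue }
    $bytes = [Convert]::FromBase64String($node.InnerText)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$bytes)
    [pscustomobject]@{
        Use        = $kd.GetAttribute("use")
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
    }
}

# What ADFS currently holds for the trust, including the monitoring settings.
$rp = Get-AdfsRelyingPartyTrust -Identifier $zivverIdentifier
if (-not $rp) { throw "No relying party trust with identifier $zivverIdentifier" }
$rp | Select-Object Name, MetadataUrl, MonitoringEnabled, AutoUpdateEnabled,
                    LastMonitoredTime, LastUpdateTime | Format-List

$adfsThumbs = @($rp.EncryptionCertificate) + @($rp.RequestSigningCertificate) |
    Where-Object { $_ } | ForEach-Object { $_.Thumbprint }

# One row per certificate in the file: is it in the trust, and has it expired?
$fileCerts | Select-Object Use, Thumbprint, NotAfter,
    @{ Name = "InAdfsTrust"; Expression = { $adfsThumbs -contains $_.Thumbprint } },
    @{ Name = "Expired";     Expression = { $_.NotAfter -lt (Get-Date) } } |
    Format-Table -AutoSize
```

A row with InAdfsTrust = False after an update means ADFS still holds the previous metadata. The NotAfter value of the encryption certificate is the Expiration date shown on the Encryption tab.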