My Oracle Support Banner

OCI Identity Cloud Service (IDCS) - How to Manually Edit SAML Metadata to Include a new Certificate (Doc ID 2904093.1)

Last updated on FEBRUARY 08, 2024

Applies to:

Identity Cloud Service (IDCS) - Version N/A and later
Information in this document applies to any platform.


In situations where the default SAML signing certificate, issued by Oracle Cloud’s internal Certificate Authority (CA), does not meet your federation requirements, it is possible to replace the signing certificate using a certificate from a CA of your choice.

This article provides instructions to manually edit IDCS SAML metadata and update it with the replacement certificates.

Prerequisite: Obtain the new SAML signing certificate from your certificate authority. Optional, as needed: Distribute the edited SAML metadata file, containing the new certificate, to your federation partners.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Step 1: Download the current SAML metadata document from your IDCS tenant.
 Step 2: Obtain the new signing certificate in base64-encoded format.
 Step 3: Remove the XML signature from the SAML metadata document
 Step 4: Replace the old certificate data with the new certificate data
 Step 5: Verify the modified SAML metadata

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.