Symptom
There is a misunderstanding about which component a case should be assigned to for uploading signed SAML certificates taken from the IdP, depending on which product is being used.
Environment
SAP SuccessFactors HCM Suite
Resolution
If the system is hosted on SAP SuccessFactors HCM Suite, the SAML signed certificate taken from the IdP is updated not through STRUST but through Provisioning, and only Partners and Support have access to Provisioning. The correct component for this is LOD-SF-PLT-CER, and the procedure is further explained in KBA 2088838 - How to Update SSO Certificates/Tokens in SuccessFactors HCM Suite.
If the system is not hosted on SAP SuccessFactors HCM Suite but on SAP ABAP NetWeaver, this KBA walks you through how to update the expired certificate: 2462389 - SAML2.0: Renew IdP signing certificate on Service Provider on NetWeaver ABAP without downtime
Note: Specifically, the current SAP SuccessFactors HCM suite Single Sign-On (SSO) certificate is set to expire on June 2, 2025. After June 2, 2025, for those customers still using the old SSO certificate AND not integrated with SAP Cloud Identity Services – Identity Authentication, users will no longer be able to access SAP SuccessFactors HCM suite, causing downtime for the system. Therefore, we are requesting all SAP SuccessFactors HCM suite SSO customers not yet integrated with the Identity Authentication service to migrate to Identity Authentication or renew the certificate before June 2, 2025, to avoid downtime.
Keywords
SAML, SuccessFactors HCM Suite, Renewal, SSO certificate, ABAP, NetWeaver, KBA, LOD-SF-PLT-CER, SAML Certificate Change, BC-SEC-LGN-SML, SAML 2.0 for ABAP, How To