ArcGIS Online has renewed its SAML signing and encryption certificates.
Users who have enabled the advanced SAML options ‘Enable Signed Requests’ and/or ‘Encrypt Assertion’ will need to obtain the new ArcGIS Online Service Provider metadata file and associate it with their Identity Provider before November 14, 2018.
Customers using these advanced SAML options who do not upload the updated ArcGIS Online metadata file containing the new certificate before this date will receive an IDP specific error when they attempt to sign into ArcGIS Online with an Enterprise account.
To obtain the updated metadata file:
- Login to www.arcgis.com with your administrative credentials
- Click on “Organization” then “Settings” then “Security”
- Scroll down to “Enterprise Logins” then click the “Get Service Provider” button. This action will download the metadata needed for your IDP.
Esri Support Services has provided a technical article here which describes this issue in detail: