Summary:

Basware Purchase-to-Pay (P2P) Single Sign-On (SSO) Service certificate is going to expire on November 5, 2023.  For the renewal of the certificate in a seamless manner, a maintenance activity will be performed on October 21 between 0400 to 1000 UTC.

During the maintenance activity, the new SSO certificate (Serial Number:‎ 139dfb07d60a66003f18147c7be2c6bd) will be set as primary and the old SSO certificate (Serial Number: ‎‎1d69330942e1a06879a06378e68ff8ef) will be removed.

Details of the old certificate that requires replacement:

Serial Number: ‎‎1d69330942e1a06879a06378e68ff8ef
Issuer: Entrust Certification Authority - L1K
Subject: CN = *.p2p.basware.com
Validity Date: October 5, 2022 to November 5, 2023

Details of the new certificate:

Serial Number: ‎139dfb07d60a66003f18147c7be2c6bd
Issuer: Entrust Certification Authority - L1K
Subject: CN = *.p2p.basware.com
Validity Date: October 6, 2023 to November 4, 2024

Please note that, as a first step, the new SSO certificate has been added as secondary and is updated in the federation metadata.

The following steps need to be reviewed and verified by the customer’s internal IT department and/or 3rd party hosting provider that is managing the IdP.

If your Identity Provider (IdP) is checking that the SSO request coming from Basware P2P is signed or if your IdP is sending an encrypted token back to Basware P2P SSO, then the maintenance activity will impact your user logins. If the following recommended actions are not completed, SSO logins will fail until the new certificate is updated and integrated within the IdP trust setup for signing and encryption.

Instructions:

For customers using a local Basware metadata file

If the Basware Purchase-to-Pay Single Sign-On (SSO) integration is configured using a local copy of Basware's federation metadata file there are below options available:

• After the communicated October 21 maintenance is complete, the latest metadata file can be downloaded by using the URL: https://sso.p2p.basware.com/FederationMetadata/2007-06/FederationMetadata.xml
• In case you require the new *.p2p.basware.com certificate in advance, you can download the new public certificate. Please make sure not to make the change before the October 21 planned maintenance.

For Customers using Basware Metadata URL

If SSO integration is configured using Basware federation metadata URL https://sso.p2p.basware.com/FederationMetadata/2007-06/FederationMetadata.xml and configured to automatically update metadata information at regular intervals. It is recommended that a manual trigger of the metadata update be performed after the certificate maintenance on October 21, 2023.

Basware Recommendations:

• Please do not delete or remove the existing IdP trusts configured in the SSO solution. In case a trust deletion is mandatory, please keep a backup of the current trust setup as this will help in troubleshooting if any issues in the new trust setup are encountered.
• Test the SSO login to Basware P2P service after the certificate maintenance on October 21, 2023.

Frequently asked questions:

Q: Will the SSO login to Development, test (pre-production) and Production P2P systems be impacted on different dates?
A: Basware has a single SSO setup for your Development, test (pre-production) and Production P2P systems. Therefore, the maintenance on October 21, 2023 impacts all of these.

Q: How do we know if our authentication to the Basware P2P service will be impacted by this maintenance?
A: If your logins to the Basware P2P service are using Single Sign-on (SSO) authentication then you could be impacted by this maintenance.

Q: How will my Basware P2P service access and usage be impacted if I do not take the necessary actions in a timely manner?
A: After the October 21 maintenance activity, the expiring certificate will no longer be used for SSO authentication. Therefore, if the IdP trusts using the old certificate are not updated, the SSO logins to Basware P2P service will not work after the maintenance.

Q: To whom should I forward the information related to this maintenance within my organization?
A: The details related to the maintenance should be forwarded to your IT department or to the IT service vendor, who manages the IdP trust setup used for Basware P2P services.

Q: What should we do if we update the certificate or IdP trust on our side on October 21, 2023 but observe errors when trying to login to Basware P2P service?
A: In case you encounter any issues after the maintenance, please contact Basware Support by filing a standard case through the link in reference to Service ticket: BWPB0046608.

Q: What do I need to do in case my IdP trust for Basware P2P SSO does not have a configuration setting for either a certificate or a metadata URL?
A: If your IdP setup does not require Basware certificate or metadata URL, no action is required in this case. However, it is still recommended to test the access to the P2P service via SSO after the October 21, 2023 maintenance is completed.

Q: If there are multiple IdP trusts setup to authenticate users to Basware P2P, what actions would be required in relation to this maintenance?
A: The maintenance on October 21 will impact SSO authentication to all IdP trusts used for login to Basware P2P.

Q: If we are accessing P2P through Verian and use SSO for authentication. Are we impacted by this activity?
A: SSO authentication to the P2P service using Verian integrations are not impacted by the certificate update, therefore do not require any customer actions.