Basware Purchase-to-Pay (P2P) Single Sign-On (SSO) Service certificate renewal - 2024


Summary:

Basware Purchase-to-Pay (P2P) Single Sign-On (SSO) Service certificate is going to expire on November 4, 2024.  For the renewal of the certificate in a seamless manner, a maintenance activity will be performed on October 20 between 0400 to 1000 UTC. During the maintenance activity, a new SSO certificate will be set as primary and the expiring SSO certificate will be removed.

Details of the expiring certificate that requires replacement:

Serial Number: ‎139dfb07d60a66003f18147c7be2c6bd
Issuer: Entrust Certification Authority - L1K
Subject: CN = *.p2p.basware.com
Validity Date: October 6, 2023, to November 4, 2024

Details of the new certificate:

Serial Number: ‎1042aa2da6db77c37976f56b
Issuer: GlobalSign GCC R3 DV TLS CA 2020
Subject: CN = *.p2p.basware.com
Validity Date: October 9, 2024 to November 10, 2025

Please note that, as a first step, the new SSO certificate has been added as secondary and is updated in the federation metadata.

Instructions:

For customers using a local Basware metadata file

If the Basware Purchase-to-Pay Single Sign-On (SSO) integration is configured using a local copy of Basware's federation metadata file there are below options available:

For Customers using Basware Metadata URL

If SSO integration is configured using Basware federation metadata URL https://sso.p2p.basware.com/FederationMetadata/2007-06/FederationMetadata.xml and configured to automatically update metadata information at regular intervals. It is recommended that a manual trigger of the metadata update be performed after the certificate maintenance on October 20, 2024.

Basware Recommendations:

 

Frequently asked questions:

Q: Will the SSO login to Basware dev, test and production P2P systems be impacted on different dates?
A: There is a single SSO system for dev, test and production P2P systems. Therefore, the maintenance on October 20, 2024, impacts all of these.

Q: How do we know if our authentication to the Basware P2P service will be impacted by this maintenance?
A: If your logins to the Basware P2P service are using Single Sign-on (SSO) authentication then you could be impacted by this maintenance.

Q: How will my Basware P2P service access and usage be impacted if I do not take the necessary actions in a timely manner?
A: After the October 20 maintenance activity, the expiring certificate will no longer be used for SSO authentication. Therefore, if the IdP trusts using the old certificate are not updated, the SSO logins to Basware P2P service will not work after the maintenance.

Q: Who should I forward the information related to this maintenance within my organization?
A: The details related to the maintenance should be forwarded to your IT department or to the IT service vendor, who manages the IdP trust setup used for Basware P2P services.

Q: What should we do if we update the certificate or IdP trust on our side on October 20, 2024 but observe errors when trying to login to Basware P2P service?
A: In case you encounter any issues after the maintenance, please contact Basware Support by filing a standard case through the link in reference to Service ticket: BWPB0047433.

Q: What do I need to do in case my IdP trust for Basware P2P SSO does not have a configuration setting for either a certificate or a metadata URL?
A: If the IdP setup does not require our certificate or metadata URL, no action is required in this case. However, it is still recommended to test the access to the P2P service via SSO after the October 20, 2024, maintenance is completed.

Q: If there are multiple IdP trusts setup to authenticate users to Basware P2P, what actions would be required in relation to this maintenance?
A: The maintenance on October 20 will impact SSO authentication to all IdP trusts used for login to Basware P2P.

Q: If we are accessing P2P through Verian and use SSO for authentication. Are we impacted by this activity?
A: SSO authentication to the P2P service using Verian integrations are not impacted by the certificate update, therefore do not require any customer actions.