Status
Announcement of certificate change for IdP services from February 17-19, 2026 from 2026-02-17 10:00 CET to 2026-02-19 12:00 CET
Maintenance
General Services
Authentication Services
Academic Cloud Login
MPG Login
ADFS Login
General
2026-02-17 10:00 CET
· 2 days, 2 hours
Updates
Scheduled
February 6, 2026 · 10:18 CET
Dear operators of the service providers,
from February 17, 2026 to February 19, 2026 a certificate change will be carried out for the following Identity Providers (IdPs):
- shibboleth-idp.gwdg.de
-
shibboleth-idp.uni-goettingen.de
* shibboleth-idp.mpg.de
During this period, the IDP SAML certificates are renewed once.
This process usually runs without restrictions, as both certificates are configured in parallel during a short transition phase.
Certificate change process
- Tuesday, 17.02.2026, approx. 10:00 a.m.: New additional certificate is imported
- **Thursday, 19.02.2026, between 11:00-12:00 a.m.: Old certificate is removed from the metadata
Different behaviors of service providers
In the past, we have observed three possible scenarios:
- Metadata is downloaded automatically and regularly
-
(a) Automatic download, but no support for two certificates →
Please suspend the automatic download until the old certificate is deleted to avoid conflicts. -
(b) Automatic download with support for multiple certificates →
No action required. (This is often the case with standard implementations such as shibd/Shibboleth)
-
Certificate is permanently stored (“pinned”) in the service provider
In this case, the changeover must take place at the same time as the change on the IdP side.
Your feedback
Please let us know which of the described variants or other special features are relevant for your service provider.
This will enable us to optimize the process and improve our service in the long term.
Certificate links as of February 17, 2026
If you do not update the IdP certificate automatically, the new certificates will be available from February 17, 2026 under the following links
-
shibboleth-idp.uni-goettingen.de
https://shibboleth-idp.uni-goettingen.de/simplesaml/saml2/idp/metadata.php
Fingerprint: DB:FF:A9:F7:53:D5:AC:96:53:C6:4C:AE:9B:B0:0D:34:DE:94:AF:93:7F:F3:80:40:EF:5D:3E:3C:48:70:87:B1 -
shibboleth-idp.mpg.de
https://shibboleth-idp.mpg.de/simplesaml/saml2/idp/metadata.php
Fingerprint: 45:A2:E8:A7:4C:2A:78:21:E9:C7:EE:D7:EB:2E:41:20:5D:33:59:E7:0C:CE:79:72:E7:D1:76:51:88:6C:7B:FE -
shibboleth-idp.gwdg.de
https://shibboleth-idp.gwdg.de/simplesaml/saml2/idp/metadata.php
Fingerprint: 71:46:E0:C1:6F:40:01:E3:23:91:60:C8:60:81:35:D4:02:1F:FE:C5:AF:B2:09:9D:52:3A:38:68:AB:60:94:7C
Note:
On 19.02.2026 the old certificates will be deleted from the metadata of both the IdPs and the DFN.
From this date, SAML messages will only be signed with the new certificate.
← Back