Status

SAML Community Cert Rollover from 2026-02-17 10:00 CET to 2026-02-19 12:00 CET

Maintenance General
2026-02-17 10:00 CET · 2 days, 2 hours

Updates

Resolved

This maintenance has been concluded as planned.

February 19, 2026 · 12:00 CET
Scheduled

Dear operators of the service providers,
From February 17, 2026 to February 19, 2026, a certificate change will be carried out for the following identity providers (IdPs)
shibboleth-idp.gwdg.de
shibboleth-idp.uni-goettingen.de
shibboleth-idp.mpg.de
During this period, the IDP SAML certificates are renewed once.
This process usually runs without restrictions, as both certificates are configured in parallel during a short transition phase.

Procedure of the certificate change
Tuesday, 17.02.2026, approx. 10:00 a.m.: New additional certificate is imported
Thursday, 19.02.2026, between 11:00-12:00: Old certificate is removed from the metadata

Different behaviors of service providers
In the past, we have observed three possible scenarios:
Metadata is downloaded automatically and regularly
(a) Automatic download, but no support for two certificates →
Please suspend the automatic download until the old certificate is deleted to avoid conflicts.
(b) Automatic download with support for multiple certificates →
No action required. (This is often the case with standard implementations such as shibd/Shibboleth)
Certificate is permanently stored (“pinned”) in the service provider
In this case, the changeover must take place at the same time as the change on the IdP side.

Your feedback
Please let us know which of the described variants or any other special features are relevant for your service provider.
This will enable us to optimize the process and improve our service in the long term.

Certificate links from February 17, 2026
If you do not update the IdP certificate automatically, the new certificates will be available from February 17, 2026 under the following links
shibboleth-idp.uni-goettingen.de
https://shibboleth-idp.uni-goettingen.de/simplesaml/saml2/idp/metadata.php
Fingerprint: DB:FF:A9:F7:53:D5:AC:96:53:C6:4C:AE:9B:B0:0D:34:DE:94:AF:93:7F:F3:80:40:EF:5D:3E:3C:48:70:87:B1
shibboleth-idp.mpg.de
https://shibboleth-idp.mpg.de/simplesaml/saml2/idp/metadata.php
Fingerprint: 45:A2:E8:A7:4C:2A:78:21:E9:C7:EE:D7:EB:2E:41:20:5D:33:59:E7:0C:CE:79:72:E7:D1:76:51:88:6C:7B:FE
shibboleth-idp.gwdg.de
https://shibboleth-idp.gwdg.de/simplesaml/saml2/idp/metadata.php
Fingerprint: 71:46:E0:C1:6F:40:01:E3:23:91:60:C8:60:81:35:D4:02:1F:FE:C5:AF:B2:09:9D:52:3A:38:68:AB:60:94:7C

Note:
On 19.02.2026, the old certificates will be deleted from the metadata of both the IdPs and the DFN.
From this date, SAML messages will only be signed with the new certificate.
Thank you for your cooperation and support.
If you have any questions, please do not hesitate to contact us.
Yours sincerely
Your GWDG SSO Team

February 17, 2026 · 12:24 CET

← Back