Skip to content

Promote next SAML signing certificate.

POST
/api/admin/saml-providers/{id}/signing-rollover/promote-next
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/admin/saml-providers/example/signing-rollover/promote-next \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "certificate": "-----BEGIN CERTIFICATE-----...", "metadataCertificatePublication": "active_next" }'

Promotes the provider signing policy next certificate to active and can retain the previous active certificate as backup.

id
required
string

SAML provider id.

Media type application/json
object
keyRef
string
kid
string
certificate
string
metadataPublishFrom
integer
plannedActivationAt
integer
metadataCertificatePublication
string
Allowed values: active_next active_next_backup
promotedAt
integer
keepPreviousAsBackup
boolean
Example
{
"certificate": "-----BEGIN CERTIFICATE-----...",
"metadataCertificatePublication": "active_next"
}

Successful JSON response.

Media type application/json
object
success
required
boolean
config
required
object
entityId
string
ssoUrl
string format: uri
acsUrl
string format: uri
certificate
string
metadataUrl
string format: uri
metadataXml
string
nameIdFormat
string
metadataNameIdFormats
Array<string>
key
additional properties
signingKeyPolicy
required
object
key
additional properties
updatedAt
required
string format: date-time
Example
{
"success": true,
"config": {
"entityId": "https://idp.example.com/metadata"
},
"signingKeyPolicy": {
"next": {
"kid": "saml-next-key"
}
},
"updatedAt": "2026-06-19T00:00:00.000Z"
}