...
GovConext stapt over op een nieuwe SAML signing key. Alle serviceproviders die SAML gebruiken om te koppelen met het govConext Acceptatie-platform moeten hun configuratie aanpassen en de nieuwe sleutel gebruiken vóór 25 augustus 2025. De oude sleutel wordt daarna verwijderd. Tot die tijd kan de oude sleutel gebruikt worden.
...
De nieuwe metadata-URL is ook rechtstreeks te vinden via: https://engine.acc.govconext.nl/authentication/idp/metadata/key:20250725.
De nieuwe single-sign-on URL is te vinden in de metadata-URL in de ‘location’ tag van bovenstaande URL, namelijk: https://engine.acc.govconext.nl/authentication/idp/single-sign-on/key:20250725
...
If you are an IdP, this does not apply to you.
GovConext is transitioning to a new SAML signing key. All service providers that use SAML to connect to the govConext Acceptance platform must update their configuration and use the new key by August 25, 2025. The old key will then be removed. Until that time, the old key can be used.
The new SAML signing key is published along with a corresponding SingleSignOn-location - you need to update both at the same time. They can be found in the govConext ACCEPTATIE SAML-metadata voor SP's. The new metadata will be available from the 25th of July 2025 onward. This change can be implemented with ease and without significant downtime in most SP software.The govConext SAML metadata also has a signed version. The key used for signing is replaced as well as the URL of the signed metadata. SP's that use the govConext metadata to periodically and automatically update their configuration and verify this signature must also replace the certificate used to validate the metadata must use the new URL's. The metadata signing certificate and the CA certificate, or metadata Certificate Authority certificate, you can use to validate our signature can be found on govConext ACCEPTATIE — Metadata & Certificates
The new metadata-URL can be found directly via: https://engine.acc.govconext.nl/authentication/idp/metadata/key:20250725.
The new single-sign-on URL can be found in the metadata-URL in the ‘location’ tag of the URL above or directly: https://engine.acc.govconext.nl/authentication/idp/single-sign-on/key:20250725
A complete overview of all existing and new metadata can be found at https://engine.acc.govconext.nl/.
This change can be implemented with ease and without significant downtime in most SP software.
We strongly advice to use OIDC for SP connections. A request to replace a SAML connection by OIDC can be sent to tech@govroam.nl.
...