SecureAuth IdP Version affected: All versions
Description: Realms with a post authentication of Native Mode Cert Landing Page deliver personal user certificates and automatically imports them into the proper certificate store, through the web browser Internet Explorer. By default, if an enrollment realm detects that an authenticated user already has a valid personal certificate within their certificate store, the realm will display a "Congratulations" page, but will not issue the user a new certificate. This is because of the Token Persistence settings in the realm are configured towards this workflow. To change the realm so that a new personal certificate is delivered each time a user enrolls--overwriting pre-existing certificates--implement the following.
From the IdP server, navigate to your native certificate delivery realm's Workflow tab from the Admin Console.
Admin Console -> Admin Realm -> SecureAuth# -> Workflow (tab)
From the Token Persistence section configure the following fields:
Validate Persistent Token = Flase
Renew Persistent Token (After Validation) = True
Users will now enroll for a new personal certificate upon every successful authentication into the realm.