SAML Multiple signin certifactes during certificate rollower

MichaelNüßlein · ‎03-22-2023

We have the problem, that during the certificate rollower period there are two certificates available in published SAML metadata. There is no additional information available which certificate is the right one for signin process.

Does anyone have the same problem and has a workflow how to change the certificate in portal SAML configuration

Thank you for any response

Richard_Purkis · ‎03-22-2023

Hi @MichaelNüßlein

What is the is Identity Provider you are using?

Ultimately if the certificate Portal is expecting doesn't match the one from the IDP you will see the error in this article:

Error: Unable to login using Idp Unable to validate SAML response

Replacing the certificate value in Portal Enterprise Login parameters section with the other certificate will resolve the issue.

Hope this helps

MichaelNüßlein · ‎03-22-2023

Hi Richard,

we have an own IDP in our company based on Microsoft Active Directory.

Yes we will get this error message when certificate changes. The problem is, that we have a productive system. This error message should not come up, because then we will get an incident message. So we are looking for an automatism to change the certificate before the current certificate expire