Updating SSO Cert Failing
Answer ID 12088
Last Review Date 02/14/2022
Why did SAML SSO stop working when we uploaded the new certificate?
Environment:
- Oracle B2C Service
- Single Sign-on (SSO) signing certificate (cert) renewal
- ADFS as identity provider (IdP)
Issue:
Our signing certificate will be rolling over in a few days. We are attempting to update the certificate ahead of time. Now the users can't log in.
Cause:
ADFS can create new signing certificates with the same issuer field but a different public key. When both of these are present at the same time, the Oracle B2C Service application trusts neither of them.
Resolution:
Wait until the time of cutover by the IdP. Then remove the old cert and upload the new one.
Notes:
To check whether this is the case, print the issuer and public key of both the old and the new certificate with openssl (or another tool) and compare them:
openssl x509 -noout -issuer -pubkey -in myfile.pem
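As an added example (not part of the original Oracle answer), the script below runs the check from the note against two certificate files and reports whether they share an issuer while carrying different public keys, which is the condition described under Cause. The function names, file names and subject strings are assumptions made for illustration, and the sample certificates are constructed, self-signed throwaway certs.

```shell
#!/bin/sh
# Added example: compare two SAML signing certificates (PEM files).
# All function and file names here are hypothetical.

# Issuer DN of a certificate, in a stable one-line format.
cert_issuer() { openssl x509 -noout -issuer -nameopt RFC2253 -in "$1"; }

# SHA-256 of the PEM-encoded public key, so keys compare as short strings.
cert_keyhash() {
    openssl x509 -noout -pubkey -in "$1" |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Prints CONFLICT when both certs have the same issuer but different keys,
# SAME_KEY when issuer and key both match, DIFFERENT_ISSUER otherwise.
compare_signing_certs() {
    old_issuer=$(cert_issuer "$1") || return 2
    new_issuer=$(cert_issuer "$2") || return 2
    old_key=$(cert_keyhash "$1")
    new_key=$(cert_keyhash "$2")
    if [ "$old_issuer" != "$new_issuer" ]; then
        echo DIFFERENT_ISSUER
    elif [ "$old_key" = "$new_key" ]; then
        echo SAME_KEY
    else
        echo CONFLICT
    fi
}

# Constructed sample input: a self-signed test cert with a throwaway key.
# $1 = output cert path, $2 = subject CN (self-signed, so issuer = subject).
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_test_cert "$dir/old.pem" "ADFS Signing - sts.example.test"
    make_test_cert "$dir/new.pem" "ADFS Signing - sts.example.test"
    make_test_cert "$dir/other.pem" "ADFS Signing - other.example.test"
    compare_signing_certs "$dir/old.pem" "$dir/new.pem"
    compare_signing_certs "$dir/old.pem" "$dir/old.pem"
    compare_signing_certs "$dir/old.pem" "$dir/other.pem"
    rm -rf "$dir"
}

demo
```

A CONFLICT result for the currently uploaded certificate and the renewed one means both should not be present in the application at the same time.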