Updating SSO Cert Failing
Answer ID 12088   |   Last Review Date 02/14/2022

Why did SAML SSO stop working when we uploaded the new certificate?

  • Oracle B2C Service
  • Single Sign-on (SSO) signing certificate (cert) renewal
  • ADFS as identity provider (IdP)

Our signing certificate will be rolling over in a few days. We are attempting to update the certificate ahead of time. Now the users can't log in.

ADFS can create a new signing certificate with the same issuer field as the old one but a different public key. When both certificates are loaded into Oracle B2C Service at the same time, the application trusts neither of them, so SAML logins fail.

Wait until the IdP actually cuts over to the new certificate. Then remove the old certificate and upload the new one, rather than adding the new one alongside the old.

You can confirm that this is the case with openssl (or another tool): run the following against both the old and the new certificate and compare the output. A matching issuer line with differing public keys is the combination described above.
openssl x509 -noout -issuer -pubkey -in myfile.pem
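As an added example (not part of the Oracle answer), the following POSIX shell script wraps that openssl check to compare an old and a new certificate directly and report whether they are the same-issuer, different-key pair; the PEM file names and the ADFS issuer shown in comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the Oracle answer: compare an old and a new IdP
# signing certificate (PEM files, names assumed) using only openssl.
# Returns 0 when the pair has the same issuer but a different public key,
# the combination Oracle B2C Service will not accept side by side.

cert_issuer() {
    # Issuer DN as printed by openssl, e.g. "issuer=CN=ADFS Signing - sts.example.com"
    openssl x509 -noout -issuer -in "$1"
}

pubkey_fingerprint() {
    # SHA-256 over the DER SubjectPublicKeyInfo: two certificates carrying the
    # same key give the same value whatever their other fields say.
    openssl x509 -noout -pubkey -in "$1" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 \
        | sed 's/^.*= //'
}

# Usage: same_issuer_new_key OLD.pem NEW.pem
same_issuer_new_key() {
    old_issuer=$(cert_issuer "$1") || return 2
    new_issuer=$(cert_issuer "$2") || return 2
    old_key=$(pubkey_fingerprint "$1")
    new_key=$(pubkey_fingerprint "$2")
    printf 'old: %s\n     key sha256=%s\n' "$old_issuer" "$old_key"
    printf 'new: %s\n     key sha256=%s\n' "$new_issuer" "$new_key"
    if [ "$old_key" = "$new_key" ]; then
        echo "result: same public key, the certificate has not rolled over"
        return 1
    elif [ "$old_issuer" = "$new_issuer" ]; then
        echo "result: same issuer, different key: do not load both;" \
             "replace the old certificate with the new one at the IdP cutover"
        return 0
    fi
    echo "result: different issuer and different key"
    return 1
}

# Stand-alone use: sh check.sh old.pem new.pem (file names are assumptions)
if [ "$#" -eq 2 ]; then
    same_issuer_new_key "$1" "$2"
fi
```

Export both certificates from ADFS (or the SAML metadata) as PEM before running it; an exit status of 0 means the two files must not be uploaded together.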