SAML 2.0 Open Login, verification of digital certificate is failing
Answer ID 7187   |   Last Review Date 12/18/2018

For SAML 2.0 Open Login, I'm using a digital certificate issued from a certificate authority but verification seems to be failing. Why?

Environment:

SAML 2.0 Open Login

Resolution:

  1. Obtain a .pem file for the root certificate authority of your SAML certificate
  2. If your SAML certificate was issued from an intermediate certificate authority, also obtain a .pem for that certificate authority and any other certificate authorities between your certificate and the root certificate authority
  3. Log in to the Oracle B2C Service console as an administrator
  4. Navigate to Configuration > Site Configuration > File Manager
  5. Select the interface you are attempting to use the certificate on
  6. Select "Additional root certificates" from the Switch to drop-down
  7. Upload the .pem file for the root certificate authority
  8. Select "Intermediate certificates" from the Switch to drop-down
  9. Upload the .pem file for any intermediate certificate authorities

Important: The certificate contained in the .pem file(s) must be in the PEM format.

Cause:

This can be an indication that the SAML certificate was issued by a root or an intermediate certificate authority that Oracle B2C Service does not recognize or trust. If the certificate was issued by an unrecognized root certificate authority, trust can be established by uploading that root certificate authority's certificate to Oracle B2C Service. If it was issued by an unrecognized intermediate certificate authority, trust can be established by uploading the certificates of all intermediate certificate authorities between the SAML certificate and a trusted root certificate.
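
Before uploading, it helps to confirm that each collected file really is PEM-encoded and that the files form an unbroken issuer chain from the SAML certificate to a root. The following is an added example, not Oracle's code: all function names are hypothetical, it compares issuer and subject names byte for byte without verifying signatures, and `fake_cert` builds constructed, unsigned sample input rather than real certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(data):
    """Decode the first PEM certificate block; reject files that are not PEM."""
    match = PEM_RE.search(data.decode("ascii", errors="replace"))
    if not match:
        raise ValueError("no PEM certificate block (file may be DER-encoded)")
    return base64.b64decode("".join(match.group(1).split()))

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names from tbsCertificate."""
    _, pos, _ = read_tlv(der, 0)      # Certificate ::= SEQUENCE
    _, pos, end = read_tlv(der, pos)  # tbsCertificate ::= SEQUENCE
    fields = []
    while pos < end:
        tag, _, value_end = read_tlv(der, pos)
        fields.append((tag, der[pos:value_end]))
        pos = value_end
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # optional [0] version
    return fields[2][1], fields[4][1]  # order: serial, sigAlg, issuer, validity, subject

def chain_gaps(pems):
    """pems: file contents ordered SAML certificate -> ... -> root. Return problems."""
    names = [issuer_and_subject(pem_to_der(p)) for p in pems]
    gaps = []
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:  # issuer must equal the next subject
            gaps.append(f"file {i}: issuer is not the subject of file {i + 1}")
    if names[-1][0] != names[-1][1]:        # a root CA certificate is self-issued
        gaps.append("last file is not self-issued, so it is not a root CA")
    return gaps

def fake_cert(subject, issuer):
    """Constructed sample input: X.509-shaped DER with placeholder fields, unsigned."""
    seq = lambda *parts: b"\x30" + bytes([len(b"".join(parts))]) + b"".join(parts)
    name = lambda cn: seq(b"\x0c" + bytes([len(cn)]) + cn.encode())
    tbs = seq(b"\x02\x01\x01", seq(), name(issuer), seq(), name(subject))
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(seq(tbs)) + b"-----END CERTIFICATE-----\n"
```

An empty result from `chain_gaps` means every certificate's issuer is present in the set; a reported gap points at the file whose issuing certificate authority still needs to be obtained.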