When investigating single sign-on failures a common practice is to check and ensure that the certificate passed in through the SAML response matches the certificate you have stored in your Single Sign-on settings.
How to check your certificate
- Capture a SAML trace. For more information, see Capturing a SAML trace.
- In your SAML trace, find the X509 certificate and copy it into a text editor.
- In your browser, go to your digital workplace.
- Select Control Panel.
- Under Membership, select Sign In Settings.
- Select Configure SAML Authentication.
- Compare the certificate that you copied in Step 2 to the one found in the Public Certificate field.
- If they don't match, you will need to update the certificate value stored on the Sign In Settings page.