SAML certificate check

When investigating single sign-on failures a common practice is to check and ensure that the certificate passed in through the SAML response matches the certificate you have stored in your Single Sign-on settings.

How to check your certificate

  1. Capture a SAML trace. For more information, see Capturing a SAML trace.
  2. In your SAML trace, find the X509 certificate and copy it into a text editor.

    An example SAML certificate.

  3. In your browser, go to your digital workplace.
  4. Select Control Panel.
  5. Under Membership, select Sign In Settings.
  6. Select Configure SAML Authentication.
  7. Compare the certificate that you copied in Step 2 to the one found in the Public Certificate field.The Public Certificate field on the Sign-on Settings page.
  8. If they don't match, you will need to update the certificate value stored on the Sign In Settings page.