
SSO users are not able to login to their Org after their signing certificate has changed

Knowledge Article Number 000187410
Description SSO users are not able to login to their Org after their signing certificate has changed
Resolution
Below are a few scenarios in which SSO users may be unable to log in to their Org after the SSO signing certificate has been changed.
  1. Check whether Microsoft has released any patches. We have seen similar cases where Microsoft security patches caused this kind of issue, and uninstalling them resolved it. The error message appears in the login history as "SAML Sfdc Initiated SSO,Failed: InResponseTo Invalid".
  2. Capture the SAML response and check whether it contains an "MSIS0038: SAML Message has wrong signature" error message. If it does, according to the thread below, uninstalling "KB2843638" can resolve the issue.

http://social.technet.microsoft.com/Forums/windowsazure/en-US/4acc04b7-aac7-43e9-ba50-9570503045f9/msis0038-saml-message-has-wrong-signature
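
A triage helper for the capture step in item 2, as an added example that is not part of the original article or any vendor tooling: it decodes a captured base64 SAMLResponse value and reports the InResponseTo ID, the status, any MSIS0038 text, and the SHA-256 fingerprint of the embedded signing certificate, so that fingerprint can be compared with the certificate configured in the Org. The function name, sample IDs and certificate bytes are constructed, and the placement of the MSIS0038 text in StatusMessage is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def triage_saml_response(b64_response):
    """Summarise a captured SAMLResponse value. Diagnostic only: the XML
    signature is NOT verified, so never use this output to grant access."""
    xml_bytes = base64.b64decode(b64_response)
    root = ET.fromstring(xml_bytes)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    msg = root.find("samlp:Status/samlp:StatusMessage", NS)
    # SHA-256 of every embedded signing certificate (DER), for comparison with
    # the fingerprint of the certificate uploaded on the service-provider side.
    fingerprints = []
    for node in root.iter("{%s}X509Certificate" % NS["ds"]):
        der = base64.b64decode("".join((node.text or "").split()))
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return {
        "in_response_to": root.get("InResponseTo"),
        "status": code.get("Value") if code is not None else None,
        "status_message": (msg.text or "").strip() if msg is not None else None,
        "msis0038_seen": b"MSIS0038" in xml_bytes,
        "signing_cert_sha256": fingerprints,
    }

# Constructed sample: IDs and certificate bytes are placeholders, and putting
# the MSIS0038 text in StatusMessage is an assumption made for illustration.
SAMPLE_CERT_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed-resp" InResponseTo="_constructed-req" Version="2.0">'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyInfo>'
    "<ds:X509Data><ds:X509Certificate>"
    + base64.b64encode(SAMPLE_CERT_DER).decode()
    + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
    "<samlp:Status>"
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>'
    "<samlp:StatusMessage>MSIS0038: SAML Message has wrong signature"
    "</samlp:StatusMessage></samlp:Status></samlp:Response>"
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for key, value in triage_saml_response(SAMPLE_B64).items():
        print(f"{key}: {value}")
```

A fingerprint that differs from the certificate uploaded in the Org's SSO settings points to the certificate change itself rather than to a patch.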

 



