SonarQube SAML SSO Documentation

Frequently Asked Questions

  • How can I generate a certificate for the SAML app?

    The certificate for the SAML app has to be a SHA256-based certificate. You can generate a new certificate via OpenSSL (if you don’t already have one) and configure it in the Custom Certificate field in the plugin. This will overwrite the default certificate of the app.

    The steps below generate a new SHA256 public and private key pair via OpenSSL:

    1. Open a terminal and navigate to the bin directory of OpenSSL. If you don’t have OpenSSL installed, download it first.
    2. Run the command given below to generate a SHA256 key pair:

       openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

    3. You will find the public key in certificate.crt and the private key in privateKey.key in the bin directory.
    4. Open both files in Notepad and copy the public and private keys into the Custom Certificate field in the plugin.
    5. Configure the updated certificate in the IDP.
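
Before pasting the two files into the plugin, it is worth confirming that the certificate really is SHA256-signed and that the private key belongs to it. The script below is an added example, not part of the original documentation or the plugin; `check_saml_cert` is a hypothetical helper name, and the file names are the ones used in the command above.

```shell
#!/bin/sh
# Added example (not from the plugin docs): sanity-check the files produced by
# the openssl command above. check_saml_cert is a hypothetical helper name.

# check_saml_cert CERT KEY
# Returns 0 only if CERT is SHA-256 signed, unexpired, and matches KEY.
check_saml_cert() {
    local cert key sigalg cert_pub key_pub
    cert=$1
    key=$2

    # 1. Signature algorithm must be SHA-256 based, e.g. sha256WithRSAEncryption.
    sigalg=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
        awk '/Signature Algorithm:/ { print $3; exit }')
    case "$sigalg" in
        *[sS][hH][aA]256*) ;;
        *) echo "FAIL: signature algorithm is '${sigalg:-unreadable}'" >&2
           return 1 ;;
    esac

    # 2. The certificate must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired" >&2
        return 1
    fi

    # 3. The public key inside the certificate must equal the one derived
    #    from the private key; a mismatched pair cannot work together.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate" >&2
        return 1
    fi

    echo "OK: $sigalg, key matches certificate"
}

# Run against the page's file names when they are present. -nodes leaves the
# private key unencrypted on disk, so restrict it to the owner first.
if [ -f certificate.crt ] && [ -f privateKey.key ]; then
    chmod 600 privateKey.key
    check_saml_cert certificate.crt privateKey.key || true
fi
```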
  • How do I check or download the SAML Request/Response using SAML Tracer logs?

    SAML Tracer Logs:

    • Download the SAML tracer add-on: Firefox: [ Link ] | Chrome: [ Link ]
    • Open the SAML tracer from the browser toolbar.
    • Keep the SAML tracer window open.
    • Perform SSO/Test Configuration and reproduce the issue.
    • Go to the SAML tracer window.
    • You will get the option to export the SAML tracer log to a file (on the top menu bar). Save the logs to a file, choose ‘None’ when prompted, and send us this file.
  • I see the error “we could not sign you in, please contact your administrator” during login.

    This usually means that your Identity Provider is sending an error in the SAML Response. To check what the issue might be, log in and go to the SAML plugin. In the Service Provider tab, click Test Configuration and look at the error returned by the IDP. If it is a Responder error from ADFS, open Event Viewer and check the error given there. To open Event Viewer, search for it in the Start menu on the ADFS server.