Hi all,
I have a scenario where we had set up a new x509 public certificate in ADFS as the Primary certificate. The old certificate was set up as Secondary but wasn't expired. At the same time, in the application, the new certificate was added and enabled together with the old certificate, which was also added and enabled. The following is the series of events that happened after that:
1. All SAML logins were validated in the application using the new x509 certificate until the old certificate expired.
2. When the old certificate expired, SAML logins stopped working.
3. To get into the application using SAML, the admin had to disable the old certificate in the application.
4. After the old certificate was disabled, users were able to log in again via SAML using the new certificate, on both the ADFS side and the application side.
Question: We can see that SAML logins were being validated with the new certificate until the old one expired. Why did the expiry of the old certificate cause an issue with SAML logins then? Can somebody please help answer the above question? Thanks.