Support Article
Certificate error occurs during log off for SSO users
SA-65687
Summary
Post update to Pega 7.4, certificate error occurs when Single Sign-on (SSO) users log off.
Error Messages
Error on screen,
There has been an issue; please consult your system administrator" and in tracer error message is "No certificate found in trustore"
[tp-nio-8443-exec-827] [STANDARD] [ ] [DCMS:01.04.01] (internal.util.PRSAMLv2Utils) ERROR your_server_name.com|<IP> f41e9be3b90946029e948eb219068f9f - Caught Exception while processing SAML2 Logout Response from IdP
com.pega.pegarules.pub.PRRuntimeException: No certificate found in truststore : SAMLAuthIDPCertStore with Alias : CN=Abcd SAML IdP
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLRedirectBindingHandler.verify(SAMLRedirectBindingHandler.java:142) ~[printegrint.jar:?]
...
Caused by: com.pega.pegarules.pub.PRRuntimeException: No certificate found in truststore : SAMLAuthIDPCertStore with Alias : CN=Abcd SAML IdP
Steps to Reproduce
- Update Pega 7.3 to Pega 7.4.
- Log in with SSO credentials.
- Click Log Off.
Root Cause
A defect in Pegasystems’ code or rules. The verification certificate name (CN) is saved in uppercase letters. However, in the Keystore the CN is in lowercase.
Resolution
Perform the following local-change:
Update the casing of the Alias name manually in the Verification certificate to match the casing of the original Certificate Name.
Published October 15, 2018 - Updated December 2, 2021
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.