Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Certificate error occurs during log off for SSO users

SA-65687

Summary



Post update to Pega 7.4, certificate error occurs when Single Sign-on (SSO) users log off.


Error Messages



Error on screen,

There has been an issue; please consult your system administrator" and in tracer error message is "No certificate found in trustore"

[tp-nio-8443-exec-827] [STANDARD] [ ] [DCMS:01.04.01] (internal.util.PRSAMLv2Utils) ERROR your_server_name.com|<IP> f41e9be3b90946029e948eb219068f9f - Caught Exception while processing SAML2 Logout Response from IdP 
com.pega.pegarules.pub.PRRuntimeException: No certificate found in truststore : SAMLAuthIDPCertStore with Alias : CN=Abcd SAML IdP 
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLRedirectBindingHandler.verify(SAMLRedirectBindingHandler.java:142) ~[printegrint.jar:?] 
... 
Caused by: com.pega.pegarules.pub.PRRuntimeException: No certificate found in truststore : SAMLAuthIDPCertStore with Alias : CN=Abcd SAML IdP



Steps to Reproduce

  1. Update Pega 7.3 to Pega 7.4.
  2. Log in with SSO credentials.
  3. Click Log Off.


Root Cause



A defect in Pegasystems’ code or rules. The verification certificate name (CN) is saved in uppercase letters. However, in the Keystore the CN is in lowercase.


Resolution



Perform the following local-change:

Update the casing of the Alias name manually in the Verification certificate to match the casing of the original Certificate Name.




 
Suggest Edit

Published October 15, 2018 - Updated December 2, 2021

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us