Federated Salesforce Identity Provider Certificate has failed

ADFS 3.0

How wrong can an error Message be?

A customer tried to use single sign-on with their federated service provider, Salesforce, today and received this error:


Login Error: Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information.

One would assume this is caused by a faulty or expired certificate, but since their Salesforce vendor could not find the cause, I was contacted to help solve the issue.

The solution turned out to be simple, but the error message could have pointed at it far more directly instead of blaming the certificate.

Most Salesforce accounts are not federated, and when you enable SAML single sign-on, federation is an option added on top of those existing accounts. For this to work, Salesforce must know each user's federated identity: the value ADFS sends as the NameID in the SAML assertion. When the SAML settings identify users by Federation ID, Salesforce compares that NameID against the user's Federation ID field, and the match is exact and case-sensitive. In some cases the value is the same as the user's email address, but a lot of customers use a different username in their identity provider, which is why Federation ID is a separate field on the user record. If the field is empty or does not match what ADFS sends, the login fails with the certificate error above, even though the signature on the assertion is perfectly valid.
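The following is an added example, not code from the original post or from Salesforce: it reproduces the matching step described above against a constructed SAML Subject and a constructed Salesforce user table, so the misleading failure can be seen for what it is. The assertion, issuer URL, usernames and Federation IDs are all made up for illustration; signature validation is deliberately left out because the point is that the lookup fails after the certificate check has already passed.

```python
"""Why a validly signed SAML assertion still fails in Salesforce when the
user's Federation ID is empty or differs from the NameID ADFS sends.

All data below is constructed for illustration; nothing is taken from a
real tenant or a real ADFS farm.
"""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the Subject element of a SAML 2.0 assertion as ADFS
# would issue it for a Salesforce relying party (Signature omitted on purpose).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_1f7c0c3e" Version="2.0" IssueInstant="2014-06-01T10:00:00Z">
  <saml:Issuer>http://adfs.example.local/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jsmith@corp.example.local</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Constructed Salesforce user table. 'username' is the Salesforce login;
# 'federation_id' is the separate Federation ID field that SSO matches on.
SALESFORCE_USERS = [
    {"username": "john.smith@example.com", "federation_id": None},  # never populated
    {"username": "anna.lee@example.com", "federation_id": "alee@corp.example.local"},
]


def extract_name_id(assertion_xml):
    """Return the Subject/NameID text from a SAML 2.0 assertion."""
    root = ET.fromstring(assertion_xml)
    node = root.find("saml:Subject/saml:NameID", SAML_NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    return node.text.strip()


def match_user(name_id, users):
    """Mimic the Salesforce lookup for 'SAML Identity Type = Federation ID':
    an exact, case-sensitive comparison against federation_id only.
    The Salesforce username is never consulted, so an empty Federation ID
    can never match, however the user normally logs in."""
    for user in users:
        if user["federation_id"] and user["federation_id"] == name_id:
            return user
    return None


def diagnose(assertion_xml, users):
    """Explain the outcome the way the Salesforce error message should have."""
    name_id = extract_name_id(assertion_xml)
    user = match_user(name_id, users)
    if user is not None:
        return f"OK: NameID '{name_id}' maps to {user['username']}"
    empty = [u["username"] for u in users if not u["federation_id"]]
    return (f"NO MATCH: no user has Federation ID '{name_id}'. "
            f"Users with an empty Federation ID: {empty}")


if __name__ == "__main__":
    # As configured above, the certificate would be fine but the lookup fails.
    print(diagnose(SAMPLE_ASSERTION, SALESFORCE_USERS))
    # Populate the field with exactly what ADFS sends and the same assertion logs in.
    SALESFORCE_USERS[0]["federation_id"] = "jsmith@corp.example.local"
    print(diagnose(SAMPLE_ASSERTION, SALESFORCE_USERS))
```

In practice you do not need to write this yourself: capture the assertion with a browser SAML tracer and paste it into the SAML Assertion Validator under Salesforce's Single Sign-On Settings, then compare the NameID it shows with the Federation ID on the affected user. The value to put in Federation ID is whatever claim rule the ADFS relying party trust emits as NameID, typically the UPN or the mail attribute.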

In that case I would also recommend ADFS 3.0 on Windows Server 2012 R2 with the 2014 update rollup (KB2919355) applied, so you can activate Alternate Login ID as well and let users authenticate with, for example, their mail attribute instead of their UPN.

1 Comment

  1. Roy Apalnes

    Thanks for complementing my findings, making the post even better. So the error can be because of several problems, and it is nice to see this also. I have seen the problem you address before, although we didn't have Salesforce as SP. Thanks again!
