Thiago Perrini
Enthusiast

ADFS SAML / CSCuj66703 - Fails due to signing certificate mis-match

Very sad that it is February 2020 and we are still facing bug CSCuj66703 with the CUCM/Unity cluster.

If you have to renew the ADFS certificates in MS Server, you have the possibility to have a primary and a secondary Token signing certificate. Today CUCM/Unity cannot handle that. When you have a primary and secondary token signing certificate and renew the certificate, you get the error message "Error while processing SAML Response".

The workaround is to edit the federation XML file and delete the second certificate manually, which is very odd.

 

In our case we found a better way to handle that problem. If you have the possibility, delete the (old) second Token signing/decrypting certificate. Then download the new ADFS Meta trust file, with just one Token signing certificate.

 


Please add support for Auto Certificate Rollover or add at least support for two Token Signing Certificates in CUCM version 14.

 

Thx and Best Regards

Thiago
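
A pre-import check for the situation described in the post above, as an added example that is not part of the original post and is not Cisco or Microsoft code: it lists the SHA-256 fingerprints of the signing certificates in an IdP metadata file and flags the file when more than one is present. It assumes the standard SAML 2.0 metadata layout (`IDPSSODescriptor` / `KeyDescriptor` / `X509Certificate`); the host name and certificate bytes in the sample are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def build_sample(signing_blobs):
    """Constructed metadata; blobs are placeholder bytes, not real X.509 certificates."""
    def key(use, blob):
        b64 = base64.b64encode(blob).decode()
        return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
                f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
                f'</ds:X509Data></ds:KeyInfo></KeyDescriptor>')
    keys = key("encryption", b"constructed-encryption-cert")
    keys += "".join(key("signing", b) for b in signing_blobs)
    return (f'<EntityDescriptor xmlns="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="http://adfs.example.test/adfs/services/trust">'
            f'<IDPSSODescriptor protocolSupportEnumeration='
            f'"urn:oasis:names:tc:SAML:2.0:protocol">{keys}</IDPSSODescriptor>'
            f'</EntityDescriptor>')

def signing_fingerprints(metadata_xml):
    """SHA-256 fingerprints of the IdP's signing certificates, in document order."""
    # For a real file, pass the bytes read from disk so the XML declaration is honoured.
    root = ET.fromstring(metadata_xml)
    prints = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(hashlib.sha256(der).hexdigest())
    return prints

def import_check(metadata_xml):
    """Return (ok, fingerprints); ok is True only with exactly one signing certificate."""
    prints = signing_fingerprints(metadata_xml)
    return len(prints) == 1, prints

if __name__ == "__main__":
    samples = {"primary+secondary": build_sample([b"constructed-primary",
                                                  b"constructed-secondary"]),
               "primary only": build_sample([b"constructed-primary"])}
    for label, xml in samples.items():
        ok, prints = import_check(xml)
        print(label, "OK" if ok else "REVIEW: multiple signing certificates", prints)
```

Comparing the remaining fingerprint with the one ADFS shows for its current primary token-signing certificate confirms that the old certificate, not the new one, was the one removed.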
