Skip to Main Content
Status Future consideration
Categories Account settings
Created by Emily Yankush
Created on Dec 15, 2022

Automatically fetch the new SSO certificate/fingerprint

When an account is configured to use SSO, occasionally a certificate can be updated/changed in the SSO provider.

When this happens, a user trying to log into Aha! will see the error "SAML response certificate does not match fingerprint".

The recommended action for accounts configured with a metadata URL is to go into their Aha! SSO settings and click "Update" to re-fetch the certificate and capture/update the fingerprint. It typically takes a few minutes for this update to work successfully.

It would be a smoother process to automatically attempt to re-fetch this data when we get this error and change the error message to prompt the user to re-try after a certain time period.

Support article on this error:

  • Attach files
  • +1