• Andy Wong 45
  • Member since 2018

We got a CA certificate (for server afds.xxxxxx.com) from an external source, imported it to our Microsoft ADFS 2.0 server, and followed the instructions in Configure SAML 2.0: https://help.salesforce.com/articleView?id=identity_provider_examples_3p_adfs.htm
And it was working fine.

Now we wish to use a new CA wildcard certificate (*.xxxxxx.com) for our server afds.xxxxxx.com.
Can Salesforce SAML 2.0 use this wildcard certificate (*.xxxxxx.com) instead of the designated certificate (afds.xxxxxx.com) for SAML SSO?
Has anyone done this, or is this possible?
We got the following error:
Single Sign-On Error
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins.

We tried recreating another account, but once we used this "xxxxx@xxxxxxx.com" in the federation ID, we got the Single Sign-On Error
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins.

Has anyone experienced the same?