What is it

When investigating single sign-on failures a common practice is to check and ensure that the certificate passed in through the SAML response matches the Certificate you have stored in your Single Sign-on settings.

How to check your certificate

Step 1: Perform a SAML trace

You can obtain the Certificate value from the SAML response through a SAML trace. See the dedicated article on performing SAML traces

Step 2: Copy the X509 Certificate

Once you’ve obtained a copy of the SAML response, locate the X509 certificate value, copy it and paste it to your text editing application of choice

Step 3: Compare it to your certificate in your SSO Settings

Copy the certificate in the Single Sign-on Settings screen at https://{yourcommunity.com}/admin/membership/saml and compare the two certificate values.
If they do not match you will need to update the certificate value stored your sign in settings.