I’m working on integrating a Laravel application with Auth0 SSO. When we attempt to log in, we are getting the following error description:
“Invalid thumbprint (configured: CBD3C6F2C1779C314430AF8CAB1436E61C01AF57. calculated: D318AFCF48BC5BC02B51C759C3D27F316B66B8EA)”
I have been looking around and can’t find any documentation surrounding these errors, can anyone help point me in the right direction?
Hi @stanley ,
Welcome to the Auth0 Community Forum!
Have you tried this:
A possible explanation for the mismatch in the certificates would be if the ADFS server in question has switched signing certificates after the connection was configured. When you save the connection and you have provided a metadata URL then that URL is queried to obtain metadata information so this would explain why saving without changes addresses the situation as the save would get the new signing certificate from the metadata URL.
When you provide the metadata URL there’s also a periodic jo…
stanley
November 10, 2019, 6:27pm
4
Hi @dan.woda ,
The X509 Signing Certificate was provided a couple of days ago and has not changed since we configured it.
Do we need to provide them with a new metadata file if any changes are made to the connection within Auth0? I have changed some settings while troubleshooting but did not provide them with a new metadata file, not sure if that’s required or not.
Thanks,
Brad
stanley
November 12, 2019, 6:59pm
5
Bumping this on Monday for visibility, thanks!
stanley
November 13, 2019, 6:52pm
6
We have confirmed that the x509 signing certificate has not changed but are still experiencing this issue.
@stanley ,
Looking at some previous support cases, it appears that this can be a result of pingfederate not having the correct certificate.
Have you tried downloading the cert and uploading it to pingfederate as shown here ?
stanley
November 13, 2019, 10:37pm
8
Yes we have confirmed we are using the correct certificate.
stanley
November 13, 2019, 10:43pm
10
This is the only cert. I am not the IdP so I’m not sure the last time they changed it, but it’s certainly live and working. I will DM you Tenant.
1 Like