SAML fingerprint mismatch


(yrs) #1

Hello Discourse Devs,

We are seeing the following error:

(saml) Authentication failure! invalid_ticket: OneLogin::RubySaml::ValidationError, Fingerprint mismatch

I’ve verified the fingerprint by generating a SHA256 fingerprint from the following site:

Any thoughts on what else I could check?


#2

I think you have to use SHA1 (the fingerprint's hash algorithm is independent of the certificate's algorithm). At least in my case that worked.
I copied the base64 certificate of my IdP including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- to a file and used the following OpenSSL command to retrieve the fingerprint:

openssl x509 -noout -fingerprint -sha1 -inform pem -in cert.pem
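
Added example, not part of either post and not Discourse or ruby-saml code: a Ruby check that computes both the SHA1 and SHA256 fingerprints of a certificate and reports which one a configured value corresponds to, ignoring colons and letter case. The helper names and the self-signed certificate for `idp.example.test` are constructed for illustration.

```ruby
require "openssl"
require "digest"

# Strip separators and case so "AB:CD", "ab cd" and "abcd" compare equal.
def normalize_fingerprint(fp)
  fp.to_s.gsub(/[^0-9a-fA-F]/, "").upcase
end

# Fingerprint of the DER-encoded certificate, the same bytes that
# `openssl x509 -fingerprint` hashes. Returned as colon-separated hex.
def cert_fingerprint(pem, algorithm)
  der = OpenSSL::X509::Certificate.new(pem).to_der
  digest = case algorithm
           when :sha1   then Digest::SHA1
           when :sha256 then Digest::SHA256
           else raise ArgumentError, "unsupported algorithm: #{algorithm}"
           end
  digest.hexdigest(der).upcase.scan(/../).join(":")
end

# Returns :sha1, :sha256, or nil when the configured value matches neither
# (wrong certificate, or a value that was truncated or mistyped).
def fingerprint_algorithm(pem, configured)
  wanted = normalize_fingerprint(configured)
  %i[sha1 sha256].find do |alg|
    normalize_fingerprint(cert_fingerprint(pem, alg)) == wanted
  end
end

# Constructed sample: a throwaway self-signed certificate standing in
# for the IdP's signing certificate.
def sample_idp_cert_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.example.test")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

pem = sample_idp_cert_pem
puts "SHA1:   #{cert_fingerprint(pem, :sha1)}"
puts "SHA256: #{cert_fingerprint(pem, :sha256)}"
```

To check a real setup, pass the contents of `cert.pem` and the fingerprint from the SAML settings to `fingerprint_algorithm`; a `nil` result means the value does not belong to that certificate under either hash.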