Hello -
I am posting here because our vendor (who uses ForgeRock for their SAML certificate) is not able to provide support on the following issue.
They have a SAML connection to an on-prem AD FS server. Up until yesterday the SAML connection was working correctly. We have a scheduled pull from their federation data every 7 days, and our AD FS server ran its scheduled update from our vendor's federated data at 12:03 PM.
At exactly 12:03 PM is the last time anyone was able to sign in to the application provider. The SAML connection no longer works.
Upon further investigation and testing, our AD FS server is now pulling an encryption certificate with the issuer listed as "CN=Test,OU=AM,O=ForgeRock,L=Bristol,S=Bristol,C=UK".
This is not what the certificate issuer used to look like prior to the latest metadata update. The vendor insists that they made no changes, and I know for certain that we made no changes to our AD FS server.
I would be less confused if it was pulling some garbled certificate, but it is pulling a "test" certificate from ForgeRock.
What could the potential reason be for us pulling a "test" certificate from ForgeRock through our application provider...?
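A check an AD FS administrator can run before and after the scheduled metadata refresh, added here as an example (it is not code from the original post, the vendor, or ForgeRock): it prints the encryption certificate the relying party trust currently holds, downloads the vendor's published metadata, and flags any certificate whose issuer matches the test DN described above. The trust name and metadata URL are placeholders; the script assumes the ADFS PowerShell module on the AD FS server.

```powershell
# Added example: compare the encryption certificate AD FS currently holds for a relying
# party trust with the certificate the vendor's federation metadata publishes, and warn
# when an issuer looks like a default/test CA rather than a production one.
# Assumptions: trust name and metadata URL are placeholders; run in an elevated session
# on the AD FS server with the ADFS module loaded.

$TrustName   = 'Vendor Application'                        # placeholder
$MetadataUrl = 'https://vendor.example/saml/metadata.xml'  # placeholder

# Issuer DN fragments taken from the issuer seen in the post; extend as needed.
$SuspectIssuerPatterns = @('CN=Test', 'O=ForgeRock', 'L=Bristol')

function Test-SuspectIssuer {
    param([string]$Issuer)
    foreach ($p in $SuspectIssuerPatterns) {
        if ($Issuer -like "*$p*") { return $true }
    }
    return $false
}

# 1. What AD FS is using right now for this trust (the result of the last pull).
$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
"Trust: $($rp.Name)  AutoUpdate=$($rp.AutoUpdateEnabled)  MetadataUrl=$($rp.MetadataUrl)"
$cur = $rp.EncryptionCertificate
if ($cur) {
    "  Current encryption cert: Subject=$($cur.Subject) Issuer=$($cur.Issuer) Thumb=$($cur.Thumbprint) NotAfter=$($cur.NotAfter)"
    if (Test-SuspectIssuer $cur.Issuer) { Write-Warning 'Current encryption cert has a test-looking issuer' }
}

# 2. What the vendor's metadata publishes today (the source of the scheduled pull).
[xml]$md = (Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content
$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

foreach ($kd in $md.SelectNodes('//md:KeyDescriptor', $ns)) {
    # A KeyDescriptor without a "use" attribute applies to both signing and encryption.
    $use = if ($kd.GetAttribute('use')) { $kd.GetAttribute('use') } else { 'signing+encryption' }
    $node = $kd.SelectSingleNode('.//ds:X509Certificate', $ns)
    if (-not $node) { continue }
    $bytes = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$bytes)
    "  Published ($use): Subject=$($cert.Subject) Issuer=$($cert.Issuer) Thumb=$($cert.Thumbprint) NotAfter=$($cert.NotAfter)"
    if (Test-SuspectIssuer $cert.Issuer) {
        Write-Warning "Published $use cert has a test-looking issuer; compare thumbprints with the vendor before the next auto-update"
    }
}
```

Comparing the thumbprint printed in step 1 with the one in step 2 tells you whether the test certificate came from the vendor's metadata endpoint or from somewhere else in the path.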