The certificate's signature can be part of the assertions, which Identity Portal was not able to handle.
1. Log in to the Portal User Console using SAML authentication
2. Change the Certificate in the Service Provider to a new one
3. Try to log in again. Identity Portal does not take into account that a new certificate was deployed. The expected behavior is for the SAML authentication to fail, but it does not fail.
Identity Portal (IDP) 14.5 on Vapp or Standalone
The certificate's signature can be part of the assertions, which Identity Portal was not able to handle, so a fix was necessary.
To address this issue, conditions were added to the source code to redirect to the samlerror.jsp page with an error message. This solution is included in a hotfix provided by the Engineering Department.