Unable to configure SAML using OneLogin -Uploaded Certificate is Invalid

Unable to configure SAML using OneLogin -Uploaded Certificate is Invalid

Upon configuring SAML, if you come across the below errors:

Uploaded Certificate is Invalid (Happens with .PEM cert generated in OneLogin)
failed to update IdP details. Check logs for details

Verify the below trace in the Logs:
java.security.cert.CertificateParsingException: java.io.IOException: Duplicate extensions not allowed|
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)|
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1804)|
  at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)|
  at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)|
  at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)| 

1. Create a new Certificate in OneLogin:


2. Ensure the “set CA Flag in Basic Constraints extension to “true” and keyCertSign bit for KeyUsage” is not enabled. 

3. Edit the One Login configuration to use this new cert generated
4. Download the der file.

5. Try with the .der file

                  New to ADManager Plus?

                    New to ADSelfService Plus?

                      • Related Articles

                      • Configuring SAML with ADFS

                        Step 1: Open the ADFS management application Step 2: Right-click Relying Party trust and choose Add Relying Party Trust. The Add Relying Party Trust Wizard opens. Step 3: Choose Claims Aware and click Start Step 4: Choose Enter data about the relying ...
                      • How to configure SAML with Azure AD (Old KB)

                        This guide will help us configure SAML for users who want to use Azure AD as their IdP and also give you insights on a few issues that you might run into while configuring SAML in an Azure Environment. In an ideal environment, customers will have an ...
                      • Configuring SAML with Azure (New)

                        Step 1: Open the Azure Portal--->Enterprise Applications. Step 2: Select the created Enterprise Application and get started with Set up Single Sign-On. Step 3: Edit the basic SAML Configuration. Step 4: Copy the Entity ID from SDPMSP and place the ...
                      • SAML FAQ's

                        Please find the list of frequently asked queries in SAML 1. I have enabled SAML but still could not find a way to log in using SAML Since the application has multi-tenant feature there are certain security added to the SAML login. In a SAML ...
                      • Page crashed exception thrown while downloading metadata.xml in the SAML configuration page.

                        Applicable only from build10523 Unable to download Metadata.xml from the SAML configuration page? Workaround-1: Please access the following URL to download metadata.xml https://localhost:8523/servlet/SamlMetaServlet?id=<id> Get the id from the ...