Probable Cause:
The ADFS certificate used to sign/encrypt SSO responses is outdated or does not match the certificate in the miniOrange plugin configuration.
Solution:
- In WordPress, open the miniOrange SAML SSO plugin → Identity Provider (ADFS) configuration.
- Update the ADFS certificate in the plugin using either method:
  - Recommended: Import/Update the ADFS IDP Metadata in the plugin (this auto-updates the signing certificate), or
  - Manually paste/upload the latest ADFS Token-Signing X.509 certificate in the plugin's X.509 Certificate field.
- Save the configuration.
- Run Test Configuration to validate the setup and confirm the certificate is correct.
Note: This issue is usually fixed by updating the ADFS signing certificate in the WordPress plugin (SP side), especially after ADFS certificate rollover.
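To confirm the mismatch before and after the update, the following added example (not miniOrange or ADFS code) extracts the signing certificates from an ADFS federation metadata document and checks whether the certificate configured in the plugin is among them. The metadata, the host name and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(pem_or_b64):
    """SHA-256 hex digest of the DER bytes in a PEM block or bare base64."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", pem_or_b64)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def idp_signing_fingerprints(metadata_xml):
    """Fingerprints of every IdP signing certificate in the metadata."""
    # Parse only metadata obtained from your own ADFS host over HTTPS.
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' serves signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            found.append(fingerprint(cert.text or ""))
    return found

def plugin_cert_is_current(plugin_pem, metadata_xml):
    """True if the certificate configured on the SP is one the IdP signs with."""
    return fingerprint(plugin_pem) in idp_signing_fingerprints(metadata_xml)

# Constructed sample data: placeholder bytes stand in for real DER certificates.
def b64(raw):
    return base64.b64encode(raw).decode()

def pem(cert_b64):
    return f"-----BEGIN CERTIFICATE-----\n{cert_b64}\n-----END CERTIFICATE-----\n"

def key_descriptor(use, cert_b64):
    return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{cert_b64}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></KeyDescriptor>")

OLD, NEW, ENC = b64(b"old signing cert"), b64(b"new signing cert"), b64(b"encryption cert")
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://adfs.example.test/adfs/services/trust">'
    '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + key_descriptor("encryption", ENC) + key_descriptor("signing", NEW)
    + "</IDPSSODescriptor></EntityDescriptor>")
```

`plugin_cert_is_current(pem(OLD), SAMPLE_METADATA)` returns `False` for the stale certificate and `True` once the plugin holds `NEW`; the encryption certificate is deliberately not accepted as a signing certificate.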
Still need help?
Contact us at samlsupport@xecurify.com