SAML app metadata imported but app still trusts old signing cert

Minimal guidance for messy support realities.

Scenario

A SaaS app imports new IdP metadata, but continues validating against the prior certificate.

Recommended Resolution Path

  1. Check whether the app caches metadata or requires manual certificate activation.
  2. Compare the signing certificate fingerprint the app currently shows with the fingerprint of the signing certificate in the new metadata.
  3. Test with a fresh sign-in and collect the exact validation error if it still fails.
  4. Document the app-specific rollover process so the next change is calmer.
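Added example for step 2 (not from the original page or any vendor): it reads IdP metadata, fingerprints every KeyDescriptor marked for signing, and checks whether the fingerprint the app displays is among them. The metadata and certificate bytes are constructed placeholders, and the app is assumed to show a SHA-256 or SHA-1 hex fingerprint in any common formatting.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: the X509Certificate bodies are arbitrary bytes,
# not real certificates (a fingerprint only needs the raw DER bytes).
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{sig}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{enc}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""".format(sig=base64.b64encode(b"constructed-new-signing-cert-der").decode(),
           enc=base64.b64encode(b"constructed-encryption-cert-der").decode())


def normalize_fp(fp: str) -> str:
    """Uppercase colon-separated hex, so 'ab:cd', 'ABCD' and 'ab cd' compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", fp).upper()
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Fingerprint of a certificate's DER bytes (sha256 or sha1, matching what the app shows)."""
    return normalize_fp(hashlib.new(algo, der).hexdigest())


def signing_fingerprints(metadata_xml: str, algo: str = "sha256") -> dict:
    """entityID plus fingerprints of every cert usable for signing (no 'use' means both)."""
    root = ET.fromstring(metadata_xml)
    result = {"entityID": root.get("entityID"), "signing": []}
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue  # encryption-only keys never validate assertion signatures
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))  # strip PEM-style line wrapping
            result["signing"].append(fingerprint(der, algo))
    return result


def app_trusts_new_cert(app_fingerprint: str, metadata_xml: str, algo: str = "sha256") -> bool:
    """True when the fingerprint the app displays is a signing cert in the new metadata."""
    return normalize_fp(app_fingerprint) in signing_fingerprints(metadata_xml, algo)["signing"]
```

A False result means the app is still pinned to the previous certificate (or imported only the encryption key), which is the cached-metadata or manual-activation case from step 1.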

Technician Notes

Confirm the result, document the root cause, and record any preventative action worth standardizing.