Symptom
SF login fails after the 2H2024 release because the certificate was not updated on the corporate IdP side.
Environment
SAP SuccessFactors HCM Suite
Reproducing the Issue
- Open the SF login URL
- Enter username/password and pass the corporate IdP authentication
- The login fails
Cause
With the 2411 release, a new SSO certificate is available and can be used by customers to renew the SF SSO certificate on the corporate IdP. The renewal itself is a manual process, as per Renewal of SAP SuccessFactors HCM suite Single-Sig... - SAP Community.
However, the update on the corporate IdP must be done before enabling the "SSO Certificate Renewed" flag under "Admin Center > SAML SSO Settings".
The login failure then occurs when the corporate IdP side has not been updated with the new certificate.
Resolution
- Go to "Admin Center > SAML SSO Settings"
- Check if the "SSO Certificate Renewed" flag is enabled
- If the flag is enabled:
  - Use the URL below to get the new public certificate: https://<SF Customer Facing Host>/saml2/spnewcert?company=<company_id>
  - The corporate IdP side needs to be updated with this public certificate
- If the flag is disabled:
  - Check the SF SSO certificate expiration date in the corporate IdP:
    - If it is June 2, 2025, then it is the old certificate and you should update it
    - If the expiration date is 2029, then you are already using the new certificate and you can enable the "SSO Certificate Renewed" flag under SAML SSO Settings
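The expiration-date check from the steps above can be scripted with openssl. This is an added example, not SAP tooling or part of the original KBA; it assumes the SF SSO certificate configured in the corporate IdP has been exported to a PEM file, and the function names and action labels are hypothetical.

```shell
#!/bin/sh
# Usage (assumed file name): ./check.sh idp_sf_sso_cert.pem <enabled|disabled>
# The second argument is the state of the "SSO Certificate Renewed" flag.

# Print the raw expiry line, e.g. "notAfter=Jun  2 00:00:00 2025 GMT".
# openssl reports the time in GMT; an IdP console may show local time.
cert_enddate() {
    openssl x509 -in "$1" -noout -enddate
}

# Map an enddate line to old | new | unknown, using only the two dates
# named in this KBA (old: June 2, 2025; new: expires in 2029).
classify_enddate() {
    # Unquoted on purpose: openssl pads single-digit days with a space.
    set -- ${1#notAfter=}
    month=$1 day=$2 year=$4
    if [ "$month" = "Jun" ] && [ "$day" = "2" ] && [ "$year" = "2025" ]; then
        echo old
    elif [ "$year" = "2029" ]; then
        echo new
    else
        echo unknown
    fi
}

# Follow the resolution branches.
# $1 = flag state (enabled|disabled), $2 = certificate held by the IdP.
next_action() {
    case "$1:$2" in
        enabled:old)  echo "update-idp-cert" ;;   # logins fail until done
        enabled:new)  echo "consistent" ;;        # inferred: nothing to fix
        disabled:old) echo "update-idp-cert-before-enabling-flag" ;;
        disabled:new) echo "enable-flag" ;;
        *)            echo "check-manually" ;;
    esac
}

# Run only when called with both arguments, so the functions can be sourced.
if [ "$#" -eq 2 ]; then
    end=$(cert_enddate "$1") || exit 1
    kind=$(classify_enddate "$end")
    echo "$end -> $kind -> $(next_action "$2" "$kind")"
fi
```
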
For the Product Support team: please check the internal memo.
See Also
- Blog regarding SSO certificate renewal: https://community.sap.com/t5/product-and-customer-updates/renewal-of-sap-successfactors-hcm-suite-single-sign-on-sso-certificate/ba-p/13727406
Keywords
INC10073563, sso, Certificate, Renewed, Corporate IdP, SSO, login, failed, sf, SF, successfactors, SuccessFactors, KBA, LOD-SF-PLT-SEL, SSO Errors & Logs, How To