ADFS SSO login attempts fail unexpectedly where no manual changes have been made to the IdP or ADFS

Issue

You will recognise this issue if:

- You have configured ADFS as the IdP for your single sign-on.
- SSO login attempts start to fail unexpectedly close to the certificate expiration date for the IdP.
- On your instance, a search of the system logs (syslog) for records created today whose Source starts with SAML shows the following errors:

Error Could not validate SAMLResponse.
Error Failed to validate signature profile.
Error SAML2ValidationError: Signature did not validate against the credential's key

Cause

ADFS has a feature called AutoCertificateRollover. From the above article:

"AutoCertificateRollover is automatically enabled by default and the token-signing and token-decrypting certificates are self-signed and maintained by the AD FS 2.0 service."

"There is a way to immediately cause the self-signed certificates to be generated, but this will cause service outage with your partners until they have refreshed from your federation metadata. We recommend causing the certificate generation after hours to avoid an outage. Alternatively, you could work closely with your partners to ensure that they are ready to immediately update via federation metadata (causing a short outage)."

Resolution

To resolve this issue, the new certificate needs to be provided to the instance and associated with the IdP record so that SSO login attempts can be validated.
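
One way to spot the rollover described above before logins fail, as an added example that is not part of the original article or of any vendor tooling: it reads the IdP's federation metadata and reports signing certificates that the instance does not yet trust. The metadata, certificate bytes and function names are constructed for illustration, and recording the trusted certificate as a SHA-256 fingerprint is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-ins for DER certificate bytes (not real certificates).
OLD_DER = b"constructed-old-token-signing-cert"
NEW_DER = b"constructed-new-token-signing-cert"
ENC_DER = b"constructed-token-decrypting-cert"

def key(use, der):
    """Build one constructed KeyDescriptor element for the sample metadata."""
    b64 = base64.b64encode(der).decode()
    return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></KeyDescriptor>")

# Constructed metadata: one decrypting key and two signing keys (old and rolled-over).
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://adfs.example.test/adfs/services/trust">'
    '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + key("encryption", ENC_DER) + key("signing", OLD_DER) + key("signing", NEW_DER)
    + "</IDPSSODescriptor></EntityDescriptor>")

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def signing_fingerprints(metadata_xml):
    """SHA-256 fingerprints of every IdP signing certificate, in document order."""
    # Parse only metadata fetched from your own IdP over TLS.
    root = ET.fromstring(metadata_xml)
    prints = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute: key serves both purposes
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            prints.append(fingerprint(base64.b64decode("".join(cert.text.split()))))
    return prints

def rollover_status(metadata_xml, trusted):
    """Compare published signing certs with the fingerprints the instance trusts."""
    published = signing_fingerprints(metadata_xml)
    trusted = {t.lower().replace(":", "") for t in trusted}
    return {"untrusted_published": [p for p in published if p not in trusted],
            "stale_trusted": sorted(trusted - set(published))}
```

A non-empty `untrusted_published` list means the IdP is publishing a signing certificate the instance has not been given; a non-empty `stale_trusted` list means the instance still trusts a certificate the IdP no longer publishes.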