<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic 400 malformed_certificate google in Security and Permissions</title>
    <link>https://www.dropboxforum.com/t5/Security-and-Permissions/400-malformed-certificate-google/m-p/686150#M8899</link>
    <description>&lt;P&gt;My company uses SSO with Google and we recently began getting 400. Error: malformed_certificate. The SAML certificate had expired, I rotated a new one in and indicated that for Dropbox within Google Admin Console.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In their steps to update, the final one seems to be to configure DB to point to the new cert:&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;7. After changing the certificate assigned to the SAML app, make sure to also update the app's SSO configuration with the new certificate on the &lt;STRONG&gt;Service Provider's website&lt;/STRONG&gt;. SSO with the SAML app won't work until the SP-side configuration is also updated.&amp;nbsp;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Feels like I'm close to getting this to work again, but don't know exactly what the final bit is. Do I just need to wait to propagate, like a DNS server?&lt;/P&gt;</description>
    <pubDate>Mon, 22 May 2023 23:40:11 GMT</pubDate>
    <dc:creator>bryangarner-wd</dc:creator>
    <dc:date>2023-05-22T23:40:11Z</dc:date>
    <item>
      <title>400 malformed_certificate google</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/400-malformed-certificate-google/m-p/686150#M8899</link>
      <description>&lt;P&gt;My company uses SSO with Google and we recently began getting 400. Error: malformed_certificate. The SAML certificate had expired, I rotated a new one in and indicated that for Dropbox within Google Admin Console.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In their steps to update, the final one seems to be to configure DB to point to the new cert:&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;7. After changing the certificate assigned to the SAML app, make sure to also update the app's SSO configuration with the new certificate on the &lt;STRONG&gt;Service Provider's website&lt;/STRONG&gt;. SSO with the SAML app won't work until the SP-side configuration is also updated.&amp;nbsp;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Feels like I'm close to getting this to work again, but don't know exactly what the final bit is. Do I just need to wait to propagate, like a DNS server?&lt;/P&gt;</description>
      <pubDate>Mon, 22 May 2023 23:40:11 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/400-malformed-certificate-google/m-p/686150#M8899</guid>
      <dc:creator>bryangarner-wd</dc:creator>
      <dc:date>2023-05-22T23:40:11Z</dc:date>
    </item>
    <item>
      <title>Re: 400 malformed_certificate google</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/400-malformed-certificate-google/m-p/686155#M8900</link>
      <description>&lt;P&gt;Hi &lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1707457"&gt;@bryangarner-wd&lt;/a&gt;&lt;/SPAN&gt;, thanks for bringing this to our attention.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I'd recommend getting in contact with the support team directly for them to investigate this matter in more detail.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;They'll be able to assist further!&lt;/P&gt;</description>
      <pubDate>Mon, 22 May 2023 23:39:52 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/400-malformed-certificate-google/m-p/686155#M8900</guid>
      <dc:creator>Jay</dc:creator>
      <dc:date>2023-05-22T23:39:52Z</dc:date>
    </item>
    <item>
      <title>Re: 400 malformed_certificate google</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/400-malformed-certificate-google/m-p/686381#M8910</link>
      <description>&lt;P&gt;Thank you. This has been resolved, though the DB process made it difficult.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;By way of answering my own question: I needed to go to DB Admin Console and upload the new certificate. The challenge was that the only way to get to the Admin Console was to login to DB. The only way to login in to DB was via SSO. It was an endless loop.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;DB admins are supposed to be able to login using either SSO or with log/pass credentials (while everyone else is required to use SAML). I am listed as an admin *but did not have ability to login using credentials.* Another admin was able to login that way, disable the SAML-only restriction, so I could upload the cert. Recommend having two accounts with admin access, in case this happens to others.&lt;/P&gt;</description>
      <pubDate>Tue, 23 May 2023 17:16:00 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/400-malformed-certificate-google/m-p/686381#M8910</guid>
      <dc:creator>bryangarner-wd</dc:creator>
      <dc:date>2023-05-23T17:16:00Z</dc:date>
    </item>
  </channel>
</rss>

