400 malformed_certificate google

bryangarner-wd

My company uses SSO with Google and we recently began getting 400. Error: malformed_certificate. The SAML certificate had expired, I rotated a new one in and indicated that for Dropbox within Google Admin Console.

 

In their steps to update, the final one seems to be to configure DB to point to the new cert:

7. After changing the certificate assigned to the SAML app, make sure to also update the app's SSO configuration with the new certificate on the Service Provider's website. SSO with the SAML app won't work until the SP-side configuration is also updated. 

 

Feels like I'm close to getting this to work again, but don't know exactly what the final bit is. Do I just need to wait to propagate, like a DNS server?

Accepted Solutions

bryangarner-wd

Thank you. This has been resolved, though the DB process made it difficult.

 

By way of answering my own question: I needed to go to DB Admin Console and upload the new certificate. The challenge was that the only way to get to the Admin Console was to log in to DB. The only way to log in to DB was via SSO. It was an endless loop.

 

DB admins are supposed to be able to log in using either SSO or log/pass credentials (while everyone else is required to use SAML). I am listed as an admin *but did not have the ability to log in using credentials.* Another admin was able to log in that way and disable the SAML-only restriction, so I could upload the cert. Recommend having two accounts with admin access, in case this happens to others.
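
An added example, not part of the original posts: a pre-flight check for a SAML signing-certificate rotation that compares the certificate downloaded from the IdP against the copy uploaded to the service provider and flags an unparseable or soon-to-expire file. The file names, return codes and the `make_sample_cert` helper are assumptions for illustration; the demo certificates are constructed locally with `openssl`.

```shell
#!/bin/sh
# Added example: pre-flight check for a SAML signing-certificate rotation.
# Return codes (convention assumed for this example):
#   0 ok | 1 SP copy differs from IdP cert | 2 expires within window | 3 unparseable

cert_fingerprint() {
    # SHA-256 fingerprint of a PEM certificate; prints nothing if it does not parse.
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

check_saml_cert() {
    # $1 = cert exported from the IdP, $2 = cert configured on the SP, $3 = warn window (days)
    csc_idp=$1; csc_sp=$2; csc_days=${3:-30}
    csc_idp_fp=$(cert_fingerprint "$csc_idp")
    csc_sp_fp=$(cert_fingerprint "$csc_sp")
    if [ -z "$csc_idp_fp" ] || [ -z "$csc_sp_fp" ]; then
        echo "UNPARSEABLE: a file is not a valid PEM certificate"; return 3
    fi
    if [ "$csc_idp_fp" != "$csc_sp_fp" ]; then
        echo "MISMATCH: SP still holds a different certificate than the IdP signs with"
        return 1
    fi
    # -checkend exits non-zero if the cert expires within the given number of seconds
    if ! openssl x509 -in "$csc_idp" -noout -checkend $((csc_days * 86400)) >/dev/null; then
        echo "EXPIRING: certificate expires within $csc_days days, schedule rotation"
        return 2
    fi
    echo "OK: SP and IdP certificates match and are valid beyond $csc_days days"
    return 0
}

make_sample_cert() {
    # Hypothetical helper: writes a constructed self-signed cert to $1, valid $2 days.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=constructed-idp" 2>/dev/null
}

# Demo on constructed data: the IdP was rotated, the SP still has the old cert.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/idp_new.pem" 365
make_sample_cert "$demo_dir/sp_old.pem" 365
check_saml_cert "$demo_dir/idp_new.pem" "$demo_dir/sp_old.pem" 30 || true
```

Running it on a schedule against the real exports gives warning before expiry, while a non-SSO admin login is still available to upload the replacement.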


Jay
Dropbox Staff

Hi @bryangarner-wd, thanks for bringing this to our attention.

 

I'd recommend getting in contact with the support team directly for them to investigate this matter in more detail.

 

They'll be able to assist further!


Jay
Community Moderator @ Dropbox
dropbox.com/support


