SSO logs show an application accepting SAML assertions after certificate rollover, but only for one legacy app. What should you verify FIRST?
Multiple choice — select one answer
Answer choices
Architectural breakdown & explanation
SAML trust breaks when SP metadata is stale; certificate mismatch is the typical root cause after IdP rotation.
Correct answer(s): d. The service provider metadata and signing certificate trust store match the new IdP certificate
Exam domain: Authentication (20% weight on the official guide).
Official documentation & study links
Practice this certification
This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.