Single Sign-On Certificate Configuration

Hi, I’m having trouble setting up Single Sign-On with a custom template.
The OAuth flow seems to be working fine and Cumulocity receives the JWT but then shows the following error:

In the configuration I’m using a custom verifier and have set the field for the Certificate ID to ‘cid’. I also attached a screenshot of the certificate config.

The problem is that I don’t know what the ‘cid’ claim in the JWT needs to be set to, as I don’t really know what the certificate ID is or how to get it from the certificate.

Hi Gerrit,

Even though I am not working with Cumulocity, I will try to give some hints:

The certificate has a serial number in addition to its fingerprints.
I guess that the certificate ID should be the serial number.

When you put the MII-String into a text file and name it with the extension CER, you will be able to check the content of the certificate in Windows by double-clicking on it.
On Unix you can try to check with openssl.

Remember to add Start and End lines to the text file:
-----BEGIN CERTIFICATE-----
put the MII string here.
-----END CERTIFICATE-----

You might want to check the Cumulocity Administrators Guide to see if there is a chapter on how to configure SSO.

Regards,
Holger
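
The steps in the reply above (wrapping the bare base64 string in BEGIN/END lines, then reading the certificate's serial number and fingerprints), as an added Python example that is not part of the original thread and does not establish which value Cumulocity expects as the certificate ID. The function names and the sample are assumptions: the sample is a constructed DER skeleton, not a real certificate.

```python
import base64
import hashlib
import textwrap

def wrap_pem(b64_body: str) -> str:
    """Add the BEGIN/END lines around a bare base64 ("MII...") certificate string."""
    body = "".join(b64_body.split())
    return ("-----BEGIN CERTIFICATE-----\n"
            + "\n".join(textwrap.wrap(body, 64))
            + "\n-----END CERTIFICATE-----\n")

def read_tlv(buf: bytes, pos: int):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def describe_cert(b64_body: str) -> dict:
    """Return the serial number and fingerprints of a base64 X.509 certificate."""
    der = base64.b64decode("".join(b64_body.split()), validate=True)
    tag, cert_start, _ = read_tlv(der, 0)            # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, pos, _ = read_tlv(der, cert_start)            # tbsCertificate ::= SEQUENCE
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:                                  # optional [0] version field
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return {
        "serial_hex": der[start:end].hex().upper(),
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }

# Constructed sample: a DER skeleton (version, serial 0x01E240, zero filler),
# not a real certificate. Replace SAMPLE_B64 with the string from the config.
SAMPLE_DER = (bytes.fromhex("3082013e" "3082013a" "a003020102" "020301e240" "0482012c")
              + bytes(300))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    print(wrap_pem(SAMPLE_B64))
    for name, value in describe_cert(SAMPLE_B64).items():
        print(f"{name}: {value}")
```

DER stores the serial as a signed integer, so `serial_hex` can carry a leading `00` byte that other tools leave out when displaying the same serial.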

Hi Holger,

thank you for your response.

I should have mentioned it before, but I already tried to use the serial number of the certificate without success.

There is indeed a chapter about SSO in the Administration Guide but it’s very sparse and does not mention the certificate id at all.

Regards,
Gerrit

Hi Gerrit,

For a deeper analysis it would be great to know on which tenant you see those issues.

Best regards
Michael