Use Case: A user who has valid OutSystems credentials, logs into the OutSystems application. On the web page of this application, there is a link to an external website (Salesforce). When user clicks on this link, he should not be asked for credentials again. He should be able to seamlessly log in to the external website using the credential that he already provided to log into OutSystems web application.

We are using the IdP, IdPServer, IdPReact components to configure OutSystems as IdP Provider and we passed the xml and the certificate to a Salesforce team to make the configuration of Salesforce as a Service Provider. 

We already developed our business logic to generate the SAML but when we reach Salesforce we are facing the following problem:

We already tried with different certificates but we get many more errors so we believe the certificate we passed in the first place is the correct one. 

We have no idea on how to fix this issue. Can someone help us?