When the user finishes authentication in SurePassID SAML2 IdP and is redirected to the calling SAMl2 Service Provider (a third-party application), they may encounter the following error:
Error Code = m_safeCertContext is an invalid handle.
This error occurs because the identity of the SAML2 IdP application, which is specified in the application pool, does not have the necessary permissions in Windows to securely sign requests using cryptography.
To solve this issue, it is necessary to change the identity (account) linked to the SAML2 IdP IIS application pool. This new account should have the required access permissions. It is advisable to use a Manager Service Account (MSA) for this purpose, as it provides the necessary access permissions.