By: Emma Richardson user 01 Apr 2019 at 8:05 a.m. CDT

3 Responses
Having finally figured out how to successfully add an outbound SAML with an email passed for login, I thought it would be fairly easy to add a second. The second SAML also uses email so I thought I could use the same nameID and released it in the Trust Relationship settings as in the first one. But I am unable to activate the second TR - is this because I am using the same nameID or does this sound like something else? I get the popup that the TR is being activated but when I try and update the TR or return to the TR page, it shows as deactivated. I tried from a fresh browser in case it was a cache issue but that did not seem to make any difference. I restarted the idp service and that disabled my first saml connection with a service not running error. Deleting the TR and restarting service brought it back.

By Aliaksandr Samuseu staff 01 Apr 2019 at 12:45 p.m. CDT

Hi, Emma.

> The second SAML also uses email so I thought I could use the same nameID and released it in the Trust Relationship settings as in the first one. But I am unable to activate the second TR - is this because I am using the same nameID or does this sound like something else?

No, using the same nameid for another TR should work perfectly fine. What do you mean by "unable to activate the second TR"? Screenshot or screencast (videofeed) would be helpful.

> I get the popup that the TR is being activated but when I try and update the TR or return to the TR page, it shows as deactivated.

If the other TR can't pass validation phase, it's because something is wrong with its metadata, or the way you provide the metadata (like if it's by uri, it can be broken/blocked, or protected with untrusted SSL certificate). If you are adding metadata by uri atm, you could try to use File method instead. Please also make sure `/opt/gluu/jetty/logs/oxtrust.log` doesn't contain any errors appearing when you try to add this TR. We need to see the metadata you use for both TRs as well.
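
A local pre-check of SP metadata before uploading it with the File method, as an added example that is not part of the thread and is not Gluu's own validation logic. The function name, the checks chosen and the sample metadata (including the placeholder certificate value) are constructed assumptions.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_sp_metadata(xml_text):
    """Return a list of problems found in SP metadata (empty list = none found)."""
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = [] if root.get("entityID") else ["missing entityID"]
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    if not sp.findall("md:AssertionConsumerService", NS):
        problems.append("no AssertionConsumerService endpoint")
    formats = [(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)]
    if formats and EMAIL_FORMAT not in formats:
        problems.append("declared NameIDFormat list lacks emailAddress")
    for cert in sp.findall(".//ds:X509Certificate", NS):
        try:  # checks base64 decodability only, not the certificate itself
            base64.b64decode("".join((cert.text or "").split()), validate=True)
        except (binascii.Error, ValueError):
            problems.append("X509Certificate is not valid base64")
    return problems

# Constructed sample metadata; the certificate value is a placeholder, not a real cert.
GOOD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/saml">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  <md:AssertionConsumerService index="0" Location="https://sp.example.org/acs"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""
# Constructed broken variant: wrong NameIDFormat and a corrupted certificate blob.
BAD = (GOOD.replace(EMAIL_FORMAT, "urn:oasis:names:tc:SAML:2.0:nameid-format:transient")
       .replace("Q09OU1RSVUNURUQ=", "Q09O*"))
if __name__ == "__main__":
    print(check_sp_metadata(BAD))
```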

By Emma Richardson user 01 Apr 2019 at 2:05 p.m. CDT

Thank you - the strange thing is that the new TR never even appears to try and validate. I have discovered a cert type mismatch and am waiting on Freshdesk to update the cert to SHA256 in the hopes that might resolve the issue. Will report back.

By William Lowe user 02 Apr 2019 at 4:35 a.m. CDT

Emma,

I know this stuff is frustrating... everything should always *just work*, but the best way to work through IAM issues is brevity and clarity. For instance, your ticket title:

> Second SAML provider issue

Doesn't offer any indication about what the issue might be, and therefore won't help anyone else in the future struggling with the same issues.

In general, the more straightforward your support requests are, the faster we can evaluate the issue and provide some guidance.

I'm closing this issue, as it's not clear to me what the addressable problem is.

Thanks,
Will