I’m currently utilizing the free version of Auth0 and am trying to use it as my Identity Provider. The service provider I’m hooking into sends signed requests and I would like to make sure Auth0 is validating the signature, but I’m not seeing any configuration in the SAML 2.0 add-on for this. How would I set this up?
According to the documentation available in relation to receiving signed SAML authentication requests you’ll need to provide the certificate through the signingCert settings field of the addon configuration.
I gave it a quick look and this field does not seem to listed by default in the settings shown when you enable the SAML addon, however, I’m assuming it’s not listed just for simplicity purposes as it may not be used in all scenarios. If you have issues with what the linked docs suggest then feel free to update your question or post a comment with your findings.