Auth0 as IdP: Is it possible to sign both the response and assertion?

I’ve read the documentation: Sign and Encrypt SAML Requests

And it seems that Auth0 only supports signing the response, or the assertion, not both. Is that the case? Is there a workaround to that? It seems like Auth0 acknowledges that having both signed is a valid requirement, since using Auth0 as an SP allows for exactly that configuration, but I can’t find documentation on how to configure that scenario when Auth0 is the IdP and the SP has the requirement that both are signed. Every similar request in the “community” help center is either unanswered, unhelpful, or very old. The parent company, Okta, supports this functionality, as do all other major IDaaS solutions, so I find it surprising that it doesn’t seem possible. Am I missing something?

Hi @mmarion,

Welcome to the Auth0 Community!

It doesn’t look like this is currently possible. Feel free to submit a feature request in our Feedback category. Thanks!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.