I’ve read the documentation: Sign and Encrypt SAML Requests
And it seems that Auth0 only supports signing the response, or the assertion, not both. Is that the case? Is there a workaround to that? It seems like Auth0 acknowledges that having both signed is a valid requirement, since using Auth0 as an SP allows for exactly that configuration, but I can’t find documentation on how to configure that scenario when Auth0 is the IdP and the SP has the requirement that both are signed. Every similar request in the “community” help center is either unanswered, unhelpful, or very old. The parent company, Okta, supports this functionality, as do all other major IDaaS solutions, so I find it surprising that it doesn’t seem possible. Am I missing something?
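To see which of the two signatures an IdP is actually sending, an SP-side structural check can be run over a captured SAML response. This is an added example, not part of the original post and not Auth0 code: the function names and the sample XML are constructed for illustration, and the check only inspects where `ds:Signature` elements sit and what they reference; it does not verify them cryptographically.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Constructed signature skeleton: structure only, no real digest or signature value.
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
       '<ds:Reference URI="#{ref}"/></ds:SignedInfo></ds:Signature>')

def build_sample(sign_response, sign_assertion):
    """Build a constructed SAML Response with the requested signature placement."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
        + (SIG.format(ref="_resp1") if sign_response else "")
        + '<saml:Assertion ID="_assert1">'
        + (SIG.format(ref="_assert1") if sign_assertion else "")
        + '<saml:Subject/></saml:Assertion></samlp:Response>'
    )

def signs_itself(element):
    """True if a direct-child ds:Signature has one Reference to this element's own ID."""
    if not element.get("ID"):
        return False
    # Relative path without './/' matches direct children only, so a signature
    # nested elsewhere in the tree does not count for this element.
    refs = element.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return len(refs) == 1 and refs[0].get("URI") == "#" + element.get("ID")

def signature_coverage(xml_text):
    """Return 'both', 'response-only', 'assertion-only' or 'none'."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        raise ValueError("no cleartext saml:Assertion (encrypted or missing)")
    resp = signs_itself(root)
    asrt = all(signs_itself(a) for a in assertions)
    return {(True, True): "both", (True, False): "response-only",
            (False, True): "assertion-only", (False, False): "none"}[(resp, asrt)]

def meets_both_signed_requirement(xml_text):
    return signature_coverage(xml_text) == "both"
```

A signature that sits under the Response but references the Assertion's ID is not counted for either element, which is the placement mismatch an SP should reject.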