Hi,
We’re implementing a SAML 2.0 IdP from scratch and testing it with publicly-available Service Providers. Our Responses now pass validation with samltest.id and Salesforce, but we’re having trouble getting Auth0 to accept the message - it always fails with an error:
{
“error”: “access_denied”,
“error_description”: “Signature check errors: invalid signature: the signature value XF4lGaffQpp6OrPf8rV2lusA5i7EnqKdxi5rLr1uadYDEOhqD3el4LARdOJBIRXCr/Tyfn2y5aOJP291O59y1yY2uSGUUI1RhLzhVSjiKT9C6Aubx18rp3lgfjlSBCW0A+fUEmHQeRn+2A11KP3fDPHc+o9laQU7HweqLu+HVT3nR8YBmt7nqSf2BoHaQCFeNVSVKAzbdu/uziNkqiKMZqppj2WgQBukxIzk8nglGmLD7EyRF92ijPoP1d8PZ7ipOkHZrCV0FFLvk+NGUyUmYII2jW8wi5dVFTx7j5T8LTXGOamA5SA3TSnU4WUE+XLmTYy/eiEEgrGgC5HVNAiiVzvLnrVm8I8EntLdDE9zFKiewNSOAXOHCq7QDD9aMR/n/Zz0WguEvjZzyBMXyXcMsOKImERRnUtPcUiQlgD5j10HbO++j9b+Gsk0ktUKgrLtMkR8lY6avBv2UEn89KCWWwVt2zcm4BOUmUygAkPBZGfS9Bieke1u1DBn86mJkKxfRG6nt8aJCbAXykWjDXBqEuYb2/FlFf1IohCIXfx4gGqzyfjcN8Tq/xgTkfz0ObcDXBeRqVs57snxapXjXDz1VE9Ul4v7TNVrdX1KgOUSw7dN075tMSWnw5NGckGSbGWovL6HKh2wQVSv7hsTTc4SzEagMDwo6/ND5dbmx8WB2+w= is incorrect”
}
Here’s the complete message that we’re sending: SAML Request that fails signature verification with auth0 but validates with other tools · GitHub
All validators that we could find say that the signature is OK - samltool.io and Chillkat’s XML signature validator all give us green results. Similarly-generated responses also work with test flows on samltest.id and Salesforce’s test SP. Obviously, we have uploaded the certificate PEM before testing.
We have tested with SHA-1 and SHA-256 (both digest and signature), but to no avail. Any idea what we’re doing wrong, or why auth0 is claiming the signature to be invalid?