Auth0 SAML IdP: Issuer in SAML Response does not Match entityID in Auth0 IdP Metadata

auth0.knowledge2 · February 25, 2025, 8:24pm

Overview

This article explains a potential cause of the Issuer in a SAML Response not matching the entityID in the Auth0 Identity Provider (IdP) Metadata.

Applies To

SAML addon

Cause

The SAML Service Provider (SP) might validate the Issuer in the SAML response against the entityID provided in the Auth0 SAML IdP metadata (https:///samlp/metadata/CLIENT_ID). If the IdP metadata link with the canonical domain (directly from the SAML addon settings) was provided to the SP, but a custom domain is used for the flow, the Issuer in the SAML response will reflect the custom domain instead of the canonical domain and will not match the SP configuration.

Solution

Provide the SP admin with a metadata link that uses the custom domain: https://<CUSTOM_DOMAIN>/samlp/metadata/CLIENT_ID

Topic		Replies	Views
When acting as a SAML SP, does Auth0 validate the IdP (issuer) entityid? Get Help saml	2	3665	March 2, 2018
How can I set custom entity ID (issuer) of Auth0 Identity Provider? Get Help sso , application	0	1752	March 28, 2023
SAML metadata entityID issue - Auth0 as IDP Get Help saml	3	4848	December 27, 2018
URL for SAML Issuer Entity ID instead of URN for single Application Get Help saml , auth0	0	4130	August 12, 2019
Auth0 SAML IdP: set the issuer to a URL-based format in the metadata Knowledge Articles metadata , saml2 , idp , issuer , format	1	1789	February 28, 2023

Auth0 SAML IdP: Issuer in SAML Response does not Match entityID in Auth0 IdP Metadata

Overview

Applies To

Cause

Solution

Related topics