I found /need-capability-to-sign-both-saml-response-and-assertion-at-the-same-time/150802 (I can’t include links in my post), but it has not been responded to and is the most recent community question about this that I can find.
Has Auth0 added the ability to sign both the SAML assertion and response since Oct 2024? There are many SPs that require both and based on other posts it seems Okta is able to do this.
I have looked at /docs/authenticate/protocols/saml/saml-configuration/customize-saml-assertions, but it states the “signResponse” option being true signs the response instead of the assertion, no option for both.
If the option to sign both hasn’t been added
-Are there plans to?
-Is it something that may be possible with an action?
Thanks in advance.
(the required tags were as close as I could get)
Hi @aaron.bietz
Welcome to the Auth0 Community!
Thank you for bringing this to our attention. I’ll contact our Engineering team to gather more information about this missing capability. As soon as I have more information, I’ll update you.
Thank you, and I appreciate your patience!
Dawid
1 Like
As of August 2025, Auth0, when acting as the Identity Provider (IdP), does not natively support signing both the SAML assertion and the SAML response simultaneously. While you can choose to sign either the assertion (default) or the response (by setting signResponse: true in the SAML addon configuration), there is no direct option for both. This has been a recurring request in the Auth0 community, and it appears to be on their feature backlog. It might be technically possible to achieve this with a custom Action by manipulating the SAML response, but it’s not a standard or officially supported configuration.