
Can I change certificate and private key of SAML IdP client?



I set up a client as a SAML IdP. A certificate and private key are generated when creating a new client.

I hope to change the certificate of the SAML IdP to another certificate which is not self-signed.

How do I change the certificate of the SAML IdP?


To my knowledge, it’s not possible to provide a custom certificate for the purpose of signing SAML assertions or issued JWT tokens. In general, the fact that it’s a self-signed certificate is not an issue because there would not be much difference (that is, if Auth0 has to have the private key, you’re already trusting it to issue only correct assertions, so self-signed or not, it would make no difference from that perspective). Is your issue strictly with the fact that it is self-signed or with the characteristics of the actual certificate?


I’m thinking about whether I can move a SAML IdP to Auth0 without changing the SAML SP side settings.
I can set the issuer value of the SAML IdP in the SAML assertion by writing JavaScript in rules.
But I can’t find a way to set the certificate/private key of the SAML IdP.

Otherwise, I know, an SP requires a public certificate of a SAML IdP.
In this case, I need to create a SAML IdP to use a public certificate.

It is a very, very rare case …

That is the reason for my question.