Auth0 Home Blog Docs

Difference between public key and public cert for an Auth0 tenant



I am unable to get signed SAML assertions working with Auth0 as SAML IdP. The documentation below recommends to have both public cert and key in the rule to sign the SAML assertions.

Here is the example rule that seems to have public cert and key. I’ve believed there is only one public cert for a tenant. Is there any difference between a public cert and public key? This doesn’t make any sense and the documentation gives little help in this piece of code.

function (user, context, callback) {

  context.samlConfiguration = (context.samlConfiguration || {});
  context.samlConfiguration.encryptionPublicKey = "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n";
  context.samlConfiguration.encryptionCert = "-----BEGIN CERTIFICATE-----\nMII...u84\n-----END CERTIFICATE-----\n";

  callback(null, user, context);


It is the same key, but different formats:

encryptionPublicKey (rsa_pub), encryptionCert (pem)

If you need to generate the pem from the rsa_pub you can do something like this:
ssh-keygen -f ~/.ssh/ -m 'PEM' -e > public.pem


Thank you for the answer. That makes sense!