Problem statement
This article will explain a potential cause for Invalid Audience errors while configuring a SAML connection with Duo using the Duo Single Sign-On for Auth0 guide.
Symptoms
- Auth0 is the SAML SP
- Duo is the SAML IdP
- Using the Auth0 integration in the Duo dashboard
- Using a custom domain in Auth0
Cause
The Auth0 integration in Duo (Duo Single Sign-On for Auth0) does not support custom domains at this time.
Solution
As a workaround, configure a Generic SAML setup in Duo as described here: Duo Single Sign-On for Generic SAML Service Providers.
This allows every aspect of the setup to be configured manually or from a metadata URL or file. If providing the metadata URL, use the following format:
https://[CUSTOM_DOMAIN]/samlp/metadata?connection=[CONNECTION_NAME]
- Replace [CUSTOM_DOMAIN] with the tenant's custom domain and replace [CONNECTION_NAME] with the connection name.
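To confirm which values the Generic SAML setup has to match, the SP metadata can be compared with a captured IdP response. The following is an added example, not Auth0's or Duo's code; every entity ID, host name and the `/acs` path in it are constructed placeholders, and in practice the two inputs would be the XML returned by the metadata URL and the base64-decoded SAMLResponse.

```python
import xml.etree.ElementTree as ET  # fine for your own captures; use defusedxml on untrusted XML

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed SP metadata (custom domain login.example.com); not real tenant output.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example:sp:my-connection">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.example.com/acs?connection=my-connection"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed, already base64-decoded IdP response whose values do not match the metadata.
IDP_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://tenant.example.net/acs?connection=my-connection">
  <saml:Assertion><saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>urn:example:sp:other-value</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>"""


def sp_expectations(metadata_xml):
    """Return (entityID, [ACS URLs]) advertised by the SP metadata."""
    root = ET.fromstring(metadata_xml)
    acs = [e.get("Location") for e in root.iterfind(".//md:AssertionConsumerService", NS)]
    return root.get("entityID"), acs


def diagnose(metadata_xml, response_xml):
    """List every way the IdP response disagrees with the SP metadata."""
    entity_id, acs_urls = sp_expectations(metadata_xml)
    resp = ET.fromstring(response_xml)
    audiences = [a.text.strip() for a in resp.iterfind(".//saml:Audience", NS) if a.text]
    problems = []
    if entity_id not in audiences:
        problems.append(f"audience: SP expects {entity_id!r}, IdP sent {audiences}")
    if resp.get("Destination") not in acs_urls:
        problems.append(f"destination: SP accepts {acs_urls}, IdP sent {resp.get('Destination')!r}")
    return problems


if __name__ == "__main__":
    for line in diagnose(SP_METADATA, IDP_RESPONSE):
        print(line)
```

An empty result means the audience and destination the IdP sends agree with what the SP publishes; any line printed names the field to correct in the Duo Generic SAML configuration.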