Error:04099079 when using Auth0 as SP and Keycloak as IDP

Problem statement

We received the following error when using Keycloak as IdP and Auth0 as SP via SAML.

error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

Cause

Keycloak does not allow the signing cert to be added manually.

Solution

Unfortunately, you can’t manually create a client in Keycloak and add your signing cert. Instead, please create the client with the SP metadata file.

This can be found using the endpoint:
https://{yourdomain}/samlp/metadata?connection={yourConnectionName}
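
After creating the client from the metadata file, it helps to confirm what the metadata actually declares. The following is an added example, not part of the original article and not Auth0 or Keycloak code. It parses an SP metadata document and returns the entityID, the ACS URLs, and a SHA-256 fingerprint for each KeyDescriptor certificate by use, so these can be compared with the certificates the Keycloak client ended up with. Assumptions: the function name `summarize_sp_metadata` is hypothetical, and the sample metadata, its entityID, ACS URL and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed stand-ins for DER certificate bytes (not real certificates).
SIGNING_DER = b"constructed-signing-cert"
ENCRYPTION_DER = b"constructed-encryption-cert"

def _key_descriptor(use, der):
    """Build one KeyDescriptor element for the constructed sample."""
    b64 = base64.b64encode(der).decode()
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

# Constructed sample metadata; entityID and ACS URL are placeholders.
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'entityID="urn:example:sp:placeholder">'
    '<md:SPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key_descriptor("signing", SIGNING_DER)
    + _key_descriptor("encryption", ENCRYPTION_DER)
    + '<md:AssertionConsumerService index="0" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'Location="https://sp.example.invalid/login/callback"/>'
    "</md:SPSSODescriptor></md:EntityDescriptor>")

def summarize_sp_metadata(xml_text):
    """Return entityID, ACS URLs and per-use certificate fingerprints."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not SP metadata")
    keys = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            continue
        der = base64.b64decode("".join(cert.text.split()))
        # A KeyDescriptor with no "use" applies to signing and encryption.
        keys.append({"use": kd.get("use", "signing+encryption"),
                     "sha256": hashlib.sha256(der).hexdigest()})
    acs = [a.get("Location")
           for a in sp.findall("md:AssertionConsumerService", NS)]
    return {"entity_id": root.get("entityID"), "acs": acs, "keys": keys}
```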