Problem statement
Guidance is required on how to set up Auth0 as the Service Provider (SP) and Keycloak as the Identity Provider (IdP). The current configuration results in an error during login:
error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
Symptoms
- Using Keycloak as IdP
- Auth0 as SP via SAML
- Faulty configuration results in the error:
error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
Cause
Keycloak does not allow the signing cert to be added manually.
Solution
Keycloak does not support creating a client and then manually adding the SP signing certificate. The client must instead be created by importing the SP metadata file, which Auth0 publishes at the following endpoint:
https://{yourDomain}/samlp/metadata?connection={yourConnectionName}
where yourConnectionName is the name of the SAML connection.
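As an added check (example code written for this article, not Auth0's or Keycloak's own), the following Python downloads that SP metadata and confirms it actually carries a signing certificate before it is imported into Keycloak; the embedded sample document, tenant name and connection name are constructed placeholders.

```python
import urllib.request
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of the SP metadata Auth0 serves at the endpoint above;
# the tenant name, connection name and certificate body are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:auth0:example-tenant:keycloak-saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>MIICCONSTRUCTED
        CERTIFICATEBODY</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://example-tenant.auth0.com/login/callback?connection=keycloak-saml"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def fetch_sp_metadata(domain, connection, timeout=10):
    """Download live SP metadata (needs network; the offline check uses SAMPLE_METADATA)."""
    url = f"https://{domain}/samlp/metadata?connection={connection}"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def parse_sp_metadata(xml_text):
    """Return entityID, ACS URL and X.509 certs grouped by KeyDescriptor 'use'."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not SP metadata")
    certs = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use") or "both"  # no 'use' attribute means signing and encryption
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            raise ValueError(f"KeyDescriptor use={use} has no X509Certificate")
        certs.setdefault(use, []).append("".join(cert.text.split()))  # drop line wrapping
    acs = sp.find("md:AssertionConsumerService", NS)
    return {"entity_id": root.get("entityID"),
            "acs_url": acs.get("Location") if acs is not None else None,
            "certs": certs}

def signing_cert_present(xml_text):
    """True when the metadata carries a cert Keycloak can use to verify SP signatures."""
    try:
        certs = parse_sp_metadata(xml_text)["certs"]
    except (ET.ParseError, ValueError):
        return False
    return any(use in ("signing", "both") for use in certs)
```

Run `signing_cert_present(fetch_sp_metadata("<yourDomain>", "<yourConnectionName>"))` against a live tenant; a False result means the metadata file would not give Keycloak the certificate it needs.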
For more information, refer to SAML Identity Provider Configuration Settings.
Related References