Error:04099079 When Using Auth0 as SP and Keycloak as IDP

lihua.zhang · May 8, 2023, 8:12pm

Problem statement

Guidance is required on how to set up Auth0 as the Service Provider (SP) and Keycloak as the Identity Provider (IdP). The current configuration results in an error during login:

error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

Symptoms

Using Keycloak as IdP
Auth0 as SP via SAML
Faulty configuration results in the error:
error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

Cause

Keycloak does not allow the signing cert to be added manually.

Solution

Keycloak does not support the facility to create a client and then manually add the signing certificate. It is necessary to create the client with the SP metadata file. This metadata can be discovered using the following endpoint:

https://{/)yourDomain}/samlp/metadata?connection={yourConnectionName}

where yourConnectionName is the name of the SAML connection.

For more information, refer to SAML Identity Provider Configuration Settings.

Related References

Keycloak documentation

Topic		Replies	Views
Receive encrypted SAML authentication assertions - Decode error Help connections , saml-enterprise-connection	6	2308	January 9, 2023
Encrypted SAML Response from Identity Provider Decoding Error Knowledge Articles	1	14	November 1, 2024
Error “invalid thumbprint” from SAML Login Knowledge Articles saml , sso , error , invalid , invalid-thumbprint	1	7047	September 22, 2022
Help with "SAML Signature check errors: invalid signature: for uri" Help connections , saml-enterprise-connection	2	1370	February 16, 2023
Auth0 as SP, ADFS as IDP SAML error Help adfs , saml2	3	5852	September 30, 2024

Error:04099079 When Using Auth0 as SP and Keycloak as IDP

Problem statement

Symptoms

Cause

Solution

Related Topics