Problem statement
We received the error below when using Keycloak as the IdP and Auth0 as the SP via SAML.
error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
Cause
Keycloak does not allow the signing cert to be added manually.
Solution
Unfortunately, you can’t manually create a client in Keycloak and add your signing cert. Instead, please create the client with the SP metadata file.
This can be found using the endpoint:
https://{yourdomain}/samlp/metadata?connection={yourConnectionName}