Error "Failed to read asymmetric key" on SAML Response

Problem Statement:

When trying to set up a Ping Federate connection, we received the “Failed to read asymmetric key” error on SAML Response.

Solution:

Ping Federate has some options regarding responses that can be toggled. And they can impact Auth0 being able to read the certificate.

This issue is most likely with the Ping Federate configuration. If Ping Federate does not send the certificate in responses, Auth0 will rejct the signature.

Enabling the option to include the certificate in the element should resolve most instances of this error. If this fails, check the certificates uploaded and the ones sent by Ping Federate are the same.
HAR File would be useful to check if debug mode on connection is not enabled.

Reference:

https://docs.pivotal.io/p-identity/1-5/pingfederate/config-pingfederate.html