Error from Third Party Service Provider "SAML response does not contain an XML signature"

Problem statement

When setting up Auth0 as an identity provider, the following error is encountered from the third-party service provider. This occurs when the third-party service is integrated with Auth0 using the SAML protocol.

SAML response does not contain an XML signature

Steps to reproduce:

  1. Open https://[tenant-name].us.auth0.com/samlp/[client-id] in a browser
  2. Log in with username and password
  3. The user is redirected to the service with Auth0 sending the SAML response.
  4. The service returns an error ‘Sorry, there was an error (Code HF05)’

The service provider's support page indicates the cause of this code is 'SAML Assertion Signature is not signed. SAML Response does not contain an XML Signature'.

Symptoms

When users go to https://test-np.us.auth0.com/samlp/CrlypZrz1gnxS7TM6124eqwdscxzqEGcdasasup2P7AvjxI1 and sign in, they receive the error above (Code HF05, 'SAML response does not contain an XML signature').

Cause

This error occurs when the service provider expects the samlp:Response element itself to carry an XML signature (ds:Signature as a direct child of the Response), but Auth0 has signed only the saml:Assertion inside the response, which is its default behaviour. The assertion is signed; the response-level signature the service provider looks for is absent.

Solution

When Auth0 is the SAML identity provider, it signs with the tenant's private key and provides the service provider with the public key/certificate needed to validate the signature. By default, Auth0 signs the SAML assertion within the response, not the response element itself.

To sign the SAML response instead:

  1. Navigate to Auth0 Dashboard > Applications, and select the application’s name to view.
  2. Select the Addons view.
  3. Select SAML2 Web App to view its settings and locate the Settings code block.
  4. Locate the "signResponse" key. Uncomment it (or add it, if required), then set its value to true (the default value is false). The configuration should look like this:

     {
       [...], // other settings
       "signResponse": true
     }

  5. Save the settings and repeat the steps above. With signResponse enabled, Auth0 signs the SAML response instead of the assertion, so the ds:Signature element now appears as a direct child of samlp:Response. Make sure the service provider is configured with the Auth0 signing certificate so it can validate that signature.
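To confirm which element actually carries the signature before and after the change, decode the SAMLResponse form value the browser posts to the service provider (visible in the browser's developer tools or a HAR capture) and check where ds:Signature sits. The script below is an added example written for this page, not Auth0's or the service provider's code; inspect_saml_response and _sample are hypothetical helper names, and the three SAML responses it builds are constructed inline (no real tenant or keys). It reports whether the signature envelopes the Response, the Assertion, both or neither, and also checks that each signature's Reference URI points at the ID of the element it is attached to, which is the first thing a service provider's validator rejects on. It does not verify the signature cryptographically; use xmlsec or python3-saml for that.

```python
import base64
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input in production

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


def inspect_saml_response(saml_response_b64: str) -> dict:
    """Report where the XML signature sits in a base64-encoded SAMLResponse.

    Returns {"placement": "response" | "assertion" | "both" | "none",
             "problems": [...]}  where problems lists anything a service
    provider would reject: no signature at all, a signature attached to an
    unexpected element, or a Reference URI that does not match the ID of
    the element the signature envelopes (a signature-wrapping red flag).
    Hypothetical helper: structural check only, no cryptographic verification.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"not a samlp:Response: {root.tag}")

    # Map every element to its parent so we can see what each Signature envelopes.
    parent_of = {child: elem for elem in root.iter() for child in elem}
    signed_response = signed_assertion = False
    problems = []

    for sig in root.iter(f"{{{DS}}}Signature"):
        enveloping = parent_of[sig]
        if enveloping is root:
            signed_response = True
        elif enveloping.tag == f"{{{SAML}}}Assertion":
            signed_assertion = True
        else:
            problems.append(f"signature attached to unexpected element {enveloping.tag}")
        ref = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
        uri = ref.get("URI") if ref is not None else None
        if uri != "#" + enveloping.get("ID", ""):
            problems.append(
                f"Reference URI {uri!r} does not match enveloping ID {enveloping.get('ID')!r}"
            )

    if signed_response and signed_assertion:
        placement = "both"
    elif signed_response:
        placement = "response"
    elif signed_assertion:
        placement = "assertion"
    else:
        placement = "none"
        problems.append("SAML response does not contain an XML signature")
    return {"placement": placement, "problems": problems}


def _sample(signature_on: str) -> str:
    """Constructed SAMLResponse (not captured from a real tenant) with the
    signature on 'response', 'assertion' or nowhere, base64-encoded as posted."""

    def sig(target_id: str) -> str:
        return (
            f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
            f'<ds:Reference URI="#{target_id}"/></ds:SignedInfo>'
            '<ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue></ds:Signature>'
        )

    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_resp1" Version="2.0">'
        '<saml:Issuer>urn:example-tenant.us.auth0.com</saml:Issuer>'
        + (sig("_resp1") if signature_on == "response" else "")
        + '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        + '<saml:Assertion ID="_assert1" Version="2.0">'
        '<saml:Issuer>urn:example-tenant.us.auth0.com</saml:Issuer>'
        + (sig("_assert1") if signature_on == "assertion" else "")
        + '<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # "assertion" is Auth0's default; "response" is what signResponse: true produces.
    for mode in ("assertion", "response", "none"):
        print(mode, "->", inspect_saml_response(_sample(mode)))
```

Run it against a real capture by passing the SAMLResponse form value to inspect_saml_response. A result of "assertion" with the service provider still reporting HF05 confirms the mismatch described in the Cause section; after enabling signResponse the placement should read "response". Keep in mind that moving the signature changes what the service provider must validate, so its trust configuration must hold the Auth0 signing certificate either way.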