Help with "SAML Signature check errors: invalid signature: for uri"

Hello all,

I am attempting to spin up a SAML IdP-initiated flow (custom .NET Framework solution) to use Auth0 as the SP via SSO front-channel (an HTML form post redirecting the user to Auth0 with SAML responses encoded as Base64).

I’m learning Auth0 as I go. I am dealing with a problem that I am struggling to overcome and require some assistance here.

When the IdP redirects the user to Auth0 with the SAML response, I see an Auth0 page with the message “Looks like something went wrong!”

I looked at the logs, and found the error:
“Signature check errors: invalid signature: for uri #_249d8171fd374cbfa7f6d453a43829f7 calculated digest is wz/OVaDpT8FuZFKUZsiPxcvMQgIG/67d5nbB/w18QF0= but the xml to validate supplies digest XHzdCEfWj3yZ9N7xiG2a71XH80sz0kCqFCU9TplaK1”

I do not understand where the invalid signature is coming from. Could someone explain the error I’m getting? Is this because the IdP (custom solution) and Auth0 are not both using the same keys? I am using a self-signed certificate as I’m testing this locally. Could that be a problem?

Is it possible that I’m generating this error somehow, by making the IdP be the one to sign the SamlResponse payload with its own self-signed certificate that contains the private key and public key within? It’s not signing the SamlResponse with any certificate from Auth0 at all. I wonder if that could be the reason?

I do not have any encryption for assertions, so no encryption. Only signing is happening.

How can I get support faster here? This is becoming more critical, and I need some assistance in this, please.

Thank you.
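
Added example, not part of the original post and not the poster's or Auth0's code: the two digests compared in the logged error are XML-DSig `DigestValue` hashes of the canonicalized element named by the URI, and that hash is computed without any key. The sketch below uses `SignedXml` on .NET Framework 4.6.2 or later (an assumption) to sign a constructed element and then verify it before and after the element is changed; the sample XML, its `ID` and the `Destination` URL are constructed placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class DigestMismatchDemo
{
    // Constructed sample; the ID value and content are placeholders.
    const string Sample =
        "<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_constructed1\">" +
        "<Status>ok</Status></Response>";

    static XmlDocument Sign(RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(Sample);
        var signed = new SignedXml(doc) { SigningKey = key };
        signed.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signed.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("#_constructed1") { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signed.AddReference(reference);
        signed.ComputeSignature(); // the DigestValue of the referenced element is fixed here
        doc.DocumentElement.AppendChild(doc.ImportNode(signed.GetXml(), true));
        return doc;
    }

    static bool Verify(XmlDocument doc, RSA key)
    {
        var sig = (XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        var signed = new SignedXml(doc);
        signed.LoadXml(sig);
        return signed.CheckSignature(key); // recomputes each reference digest, then checks SignatureValue
    }

    static void Main()
    {
        using (var key = new RSACng(2048))
        {
            XmlDocument doc = Sign(key);
            Console.WriteLine("untouched: " + Verify(doc, key));
            // Editing the signed element after ComputeSignature changes its canonical
            // bytes, so the recomputed digest no longer equals the stored DigestValue,
            // even though the key is the same.
            doc.DocumentElement.SetAttribute("Destination", "https://sp.example/acs");
            Console.WriteLine("edited after signing: " + Verify(doc, key));
        }
    }
}
```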