We only have access to the public key. I found this tool: GitHub - node-saml/xml-crypto: Xml digital signature and encryption library for Node.js
and set it up locally to test the signed saml assertion. It gives the same error that Auth0 is throwing. Now, that looked to be the nail in the coffin, so we were about to contact our client, but then I came across XML buddy (http://www.xml-buddy.com/xml-digital-signatures.htm) and when I ‘verify signature’ using that tool, it says it is valid!
Is there more info I can provide to help you help me?
thanks again