I am trying to integrate SAML SSO onto a third party application. They say that the signing algorithm used on the certificate is too weak. Apparently on the certificate I downloaded from the Auth0 console used the sha1 algorithm and they require it to be sha256. I went to the settings dashboard and updated the settings json file to use sha256 instead when signing the SAML responses but I am still getting the error however. Do I have to create the certificates from my terminal manually and upload them to Auth0 ? If so, how would I do this? Do the certificates within Auth0 come signed with sha1 by default. How can I check? I am quite new to this and any help would be appreciated.
I believe you need this.
See the signatureAlgorithm property. Default value is SHA1 but it can be changed to SHA256, which is what you need.