Feature: Auth0 addon for SAML2 Web App suggests an incorrect value for the signingCert setting.
Description: In the addon settings, the description for signingCert states:
Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be "-----BEGIN PUBLIC KEY----- MIGf…bpP/t3 +JGNGIRMj1hF1rnb6QIDAQAB -----END PUBLIC KEY----- ".
This is incorrect for two reasons:
- It suggests a PKCS#8 public key
- It suggests replacing line breaks with spaces
Configuring the addon as indicated leads to a login error with message: invalid_request: error:1E08010C:DECODER routines::unsupported
The only correct configuration is:
- Use an X.509 certificate instead of a PKCS#8 public key
- Replace line breaks with \n
This is also what the docs show (Sign and Encrypt SAML Requests - Auth0 Docs):
{
[...], // other settings
"signingCert": "-----BEGIN CERTIFICATE-----\nMIIC8jCCAdqgAwIBAgIJObB6jmhG0QIEMA0GCSqGSIb3DQEBBQUAMCAxHjAcBgNV\n[..all the other lines..]-----END CERTIFICATE-----\n"
}
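As an added example (not code from the post, Auth0, or the docs), the script below turns an SP certificate in PEM form into the value the signingCert setting expects and builds the JSON fragment shown above. It rejects a PUBLIC KEY block with a message naming the problem, collapses a body whose line breaks were replaced by spaces back into real newlines, checks that the body is valid base64, and lets json.dumps produce the \n sequences. The certificate body is a constructed placeholder so the script runs offline; the settings key names other than signingCert are assumptions.

```python
import base64
import binascii
import json
import re
import textwrap
from typing import Optional

# Constructed sample (not a real certificate): the body is the base64 of a
# placeholder byte string so the example runs offline. In practice the input
# is the SP's X.509 certificate exported as PEM.
_PLACEHOLDER_DER = b"constructed placeholder, not a real DER-encoded X.509 certificate"
SAMPLE_CERT_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(textwrap.wrap(base64.b64encode(_PLACEHOLDER_DER).decode("ascii"), 64))
    + "\n-----END CERTIFICATE-----\n"
)

# The shape the addon UI currently suggests: a PUBLIC KEY block with line
# breaks replaced by spaces (body shortened; constructed, not a real key).
UI_SUGGESTED_VALUE = (
    "-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ "
    "-----END PUBLIC KEY----- "
)

_PEM_RE = re.compile(
    r"^-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P=label)-----$",
    re.DOTALL,
)


def normalize_signing_cert(raw: str) -> str:
    """Return the PEM in the form the signingCert setting accepts: an X.509
    CERTIFICATE block whose line breaks are real newlines (json.dumps then
    writes them as \\n). Raises ValueError, naming the problem, for the two
    mistakes the UI text leads to."""
    m = _PEM_RE.match(raw.strip())
    if not m:
        raise ValueError("not a PEM block (missing or mismatched BEGIN/END lines)")
    label = m.group("label")
    if label != "CERTIFICATE":
        raise ValueError(
            f"signingCert needs an X.509 CERTIFICATE block, got '{label}' "
            "(a PKCS#8 PUBLIC KEY block is not accepted)"
        )
    # Line breaks collapsed to spaces are the other UI mistake: drop all
    # whitespace from the body, then require the result to be valid base64.
    body = re.sub(r"\s+", "", m.group("body"))
    try:
        base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    # Re-wrap at 64 columns with real newlines so the stored value matches
    # the documented "...\n...\n" form once JSON-encoded.
    lines = textwrap.wrap(body, 64)
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def render_addon_settings(raw_pem: str, other_settings: Optional[dict] = None) -> str:
    """Build the JSON fragment for the SAML2 Web App addon settings, with
    signingCert escaped as the docs show (literal \\n sequences)."""
    settings = dict(other_settings or {})
    settings["signingCert"] = normalize_signing_cert(raw_pem)
    return json.dumps(settings, indent=2)


if __name__ == "__main__":
    # "audience" is an assumed example of another addon setting.
    print(render_addon_settings(SAMPLE_CERT_PEM, {"audience": "urn:example:sp"}))
    try:
        normalize_signing_cert(UI_SUGGESTED_VALUE)
    except ValueError as err:
        print("rejected UI-suggested value:", err)
```

Paste the printed signingCert value (with its \n sequences) into the addon settings JSON; a CERTIFICATE block that was already space-joined is repaired rather than rejected, while a PUBLIC KEY block is refused before any base64 check runs.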
Use-case: Web application using Auth0 as SAML2 Identity Provider.