Invalid Signature Error When Using Node-SAML for Setting Up Auth0 as SAML IdP

Overview

This article explains why an error occurs when using node-saml version 4.0.0 or newer to set up Auth0 as a Security Assertion Markup Language (SAML) Identity Provider (IdP). When this configuration is attempted, the following error may be encountered:

Invalid Signature

or

Invalid document signature

Applies To

  • SAML connection

Cause

As of version 4.0.0, node-saml expects by default that both the top-level response and the assertion are signed, as documented in the README.md file for that version. When acting as the IdP, Auth0 signs only the assertion; it does not support signing both the assertion and the top-level response.

Solution

To resolve the error, adjust the node-saml configuration to expect only the assertion to be signed.

  1. In the node-saml configuration file, locate the signature validation parameters.
  2. Use the wantAssertionsSigned and wantAuthnResponseSigned parameters so that only the signature of the assertion is validated.
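Added example, not code from this article or from the node-saml project: a helper that applies the two settings above for an Auth0 IdP, plus a check that reports whether an options object still carries the 4.x default of demanding a signed response (or has signature validation switched off entirely). Only wantAssertionsSigned and wantAuthnResponseSigned are the node-saml parameters named in the article; issuer, callbackUrl and entryPoint are assumed node-saml options filled with constructed placeholder values.

```javascript
// Added example (not from the original article or from node-saml).
// wantAssertionsSigned / wantAuthnResponseSigned are the real node-saml options
// named in the article; issuer, callbackUrl and entryPoint are assumed options
// holding constructed placeholder values.

// node-saml >= 4.0.0 treats both signature expectations as enabled when unset.
const NODE_SAML_4_DEFAULTS = { wantAssertionsSigned: true, wantAuthnResponseSigned: true };

// Signature expectations for Auth0 acting as IdP: Auth0 signs only the
// assertion, so node-saml must not require a signed top-level <Response>.
function auth0SignatureOptions(baseOptions) {
  return {
    ...baseOptions,
    wantAssertionsSigned: true,     // keep verifying the XML signature on the assertion
    wantAuthnResponseSigned: false, // Auth0 does not sign the top-level response
  };
}

// Review a node-saml options object against the Auth0 behaviour described above.
// Returns the effective settings (defaults applied) and a list of findings.
function reviewSignatureOptions(options) {
  const effective = { ...NODE_SAML_4_DEFAULTS, ...options };
  const findings = [];
  if (effective.wantAuthnResponseSigned) {
    findings.push('wantAuthnResponseSigned is true or unset: Auth0 signs only the assertion, expect "Invalid signature"');
  }
  if (!effective.wantAssertionsSigned) {
    findings.push('wantAssertionsSigned is false: the assertion signature is never verified');
  }
  return { effective, findings, ok: findings.length === 0 };
}

// Constructed placeholders for the rest of the service-provider configuration.
const baseOptions = {
  issuer: 'urn:example:sp',                               // placeholder SP entity ID
  callbackUrl: 'https://sp.example.com/saml/acs',         // placeholder ACS URL
  entryPoint: 'https://TENANT.auth0.com/samlp/CLIENT_ID', // placeholder Auth0 SSO URL
};

const fixedOptions = auth0SignatureOptions(baseOptions);

// Default 4.x expectations produce one finding; the adjusted options produce none.
console.log(reviewSignatureOptions(baseOptions).findings);
console.log(reviewSignatureOptions(fixedOptions).ok);
```

`fixedOptions` is what would be passed to node-saml's SAML constructor in place of the options that triggered the error.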