Problem Statement
Logins started to fail for every user on a SAML connection and the log event description shows an “invalid thumbprint” error.
Symptoms
- Auth0 as SP
- User logs in successfully to upstream IdP and SAML assertion comes back from IdP
- Login fails with error “Invalid thumbprint”
Steps to Reproduce
- Login with custom SAML SSO
Cause
The SAML x.509 certificate that has been uploaded on the Auth0 side for the SAML connection does not match the one in use by the Identity Provider.
Solution
Work with the identity provider to make sure the correct certificate is being used. Note that Auth0 only supports a single certificate for a SAML connection. Upload the current certificate the IdP is using via the Dashboard (delete existing, upload new cert) or the Management API.
Related References