Issue with Auth0 Lock js file loading After Node 22 Update

We have integrated our application with Auth0, and previously, validations such as blocked user checks were working correctly. We are using the following Lock file:

<script src="https://cdn.auth0.com/js/lock/11.16.0/lock.min.js"></script>

However, after updating to Node.js 22, these validations are no longer working as expected.

Specifically, when a blocked user attempts to log in, it displays a flash message:
“The user is blocked.”

Now, instead of showing this message, an error is raised on our application side like

“OneLogin::RubySaml::ValidationError in Devise::SamlSessionsController#create
Issuer of the Assertion not found or multiple.”

Is this need any additional configuration for node 22 working with the auth lock script?

Could any one please assist us in resolving this issue?

Hi @bagul

From the error message that you have posted, it appears that the certificate that you are using to sign the assertion element might be used for a different response element than the one intended or you might be using the wrong certificate.

I would recommend to use https://www.samltool.com/ or https://samltool.io/ (which is provided by Auth0) in order to validate the XML file used for your SAML connection. Also, check for any add-ons which might be modifying the output.

Regarding this error, you can check out the following posts as well:

• OneLogin::RubySaml::ValidationError (Issuer of the Assertion not found or multiple.): · Issue #117 · apokalipto/devise_saml_authenticatable · GitHub
• Class: OneLogin::RubySaml::Response — Documentation for ruby-saml (1.18.0)

Otherwise, I would recommend to review the following articles:

• Troubleshoot SAML Configurations
• Troubleshoot SAML Errors
• Sign and Encrypt SAML Requests
• Migrate from Node 18 to Node 22

If you have any other questions, feel free to leave a reply!

Kind Regards,
Nik