SAML SignOut Request yielding Invalid Signature log

We’ve recently configured an Enterprise connection to a client’s Azure AD via SAML.

Sign-in is working great! We exchanged certificates and other metadata, and users are signing in without any issue.

Somehow, though, we’re consistently failing to support Single SignOut; every attempt results in an “invalid signature: the signature value [dynamic signature] is incorrect,” resulting in the user being signed out at their Identity Provider (AD) but not within Auth0 or our Relying Party application.

The logs don’t seem to provide much context as is; how can I go about diagnosing this issue?

  • Can I somehow capture the full SAML requests?
  • Are there settings to flip that I’m missing?

Resolved: Auth0’s exposed metadata notes the signout endpoint as [Auth0Domain]/logout, when it should be [Auth0Domain]/v2/logout.

Frustrating! But glad we finally got this resolved.

1 Like
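A diagnostic sketch for the two questions in this thread, added here as an example and not taken from the posts or from Auth0: it lists the logout endpoints a SAML metadata document advertises and decodes a captured HTTP-Redirect logout message so its Destination can be compared with the endpoint you expect. The hosts `tenant.example`, the minimal sample XML and the function names are constructed for illustration; the expected path follows the resolution reported above. It does not verify the signature itself.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def slo_endpoints(metadata_xml):
    """Return (binding, location) for each SingleLogoutService in SAML metadata."""
    root = ET.fromstring(metadata_xml)  # use defusedxml for XML you do not trust
    return [(e.get("Binding"), e.get("Location"))
            for e in root.iter(MD + "SingleLogoutService")]

def decode_redirect(url):
    """Decode an HTTP-Redirect binding message: base64, then raw DEFLATE."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15)
    root = ET.fromstring(xml)
    return {"message": root.tag.split("}")[-1],
            "destination": root.get("Destination"),
            "sent_to": f"{parts.scheme}://{parts.netloc}{parts.path}",
            "sig_alg": qs.get("SigAlg", [None])[0]}

def diagnose(metadata_xml, expected_slo, captured_url):
    """List mismatches between advertised, expected and actually used endpoints."""
    findings = []
    advertised = [loc for _, loc in slo_endpoints(metadata_xml)]
    if expected_slo not in advertised:
        findings.append(f"metadata advertises {advertised}, not {expected_slo}")
    req = decode_redirect(captured_url)
    for field in ("destination", "sent_to"):
        if req[field] != expected_slo:
            findings.append(f"{req['message']} {field} is {req[field]}")
    return findings

# Constructed sample data; tenant.example is a placeholder, the XML is minimal.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:sp">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                       Location="https://tenant.example/logout"/>
 </SPSSODescriptor></EntityDescriptor>"""
_REQ = (b'<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        b'ID="_1" Version="2.0" Destination="https://tenant.example/logout"/>')
_c = zlib.compressobj(9, zlib.DEFLATED, -15)
SAMPLE_URL = "https://tenant.example/logout?" + urlencode({
    "SAMLRequest": base64.b64encode(_c.compress(_REQ) + _c.flush()).decode(),
    "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"})

if __name__ == "__main__":
    for line in diagnose(SAMPLE_METADATA, "https://tenant.example/v2/logout", SAMPLE_URL):
        print(line)
```

The captured URL can be copied from the browser's network tab during a logout attempt; for the HTTP-POST binding the message is base64 only, without the DEFLATE step.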

Perfect! Thanks for sharing with the rest of the community!
