We’ve recently configured an Enterprise connection to a client’s Azure AD via SAML.
Sign-in is working great! We exchanged certificates and other metadata, and users are signing in without any issue.
Somehow, though, we’re consistently failing to support Single SignOut; every attempt results in an “invalid signature: the signature value [dynamic signature] is incorrect,” resulting in the user being signed out at their Identity Provider (AD) but not within Auth0 or our Relying Party application.
The logs don’t seem to provide much context as is; how can I go about diagnosing this issue?
- Can I somehow capture the full SAML requests?
- Are there settings to flip that I’m missing?
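One way to inspect a captured logout message when chasing the signature error described above, as an added example that is not part of the original post and is not Auth0 or Azure AD code: it decodes a `SAMLRequest`/`SAMLResponse` value, lists the issuer, destination, XML signature algorithm and embedded certificate fingerprint to compare against the connection settings, and rebuilds the exact string an HTTP-Redirect signature covers. The function names, `MAX_XML`, and the sample message and URLs are constructed for illustration.

```python
import base64, hashlib, zlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
MAX_XML = 1 << 20  # cap inflated size so a crafted message cannot exhaust memory

def decode_saml_message(value, binding):
    """Turn a URL-decoded SAMLRequest/SAMLResponse value into XML bytes."""
    raw = base64.b64decode(value)
    if binding == "redirect":        # HTTP-Redirect: raw DEFLATE, then base64
        inflater = zlib.decompressobj(-15)
        raw = inflater.decompress(raw, MAX_XML)
        if inflater.unconsumed_tail:
            raise ValueError("inflated message exceeds MAX_XML")
    elif binding != "post":          # HTTP-POST: base64 only
        raise ValueError("binding must be 'post' or 'redirect'")
    return raw

def summarize(xml):
    """Extract the fields to compare against the connection's configuration."""
    if b"<!DOCTYPE" in xml:
        raise ValueError("DOCTYPE is not expected in a SAML message")
    root = ET.fromstring(xml)
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    method = root.find(".//ds:SignatureMethod", NS)
    cert = text(".//ds:X509Certificate")
    return {
        "type": root.tag.rsplit("}", 1)[-1],
        "issuer": text("saml:Issuer"),
        "destination": root.get("Destination"),
        "xml_sig_alg": method.get("Algorithm") if method is not None else None,
        "cert_sha256": hashlib.sha256(base64.b64decode(cert)).hexdigest() if cert else None,
    }

def redirect_signed_octets(raw_query):
    """Rebuild the string an HTTP-Redirect signature covers. Values stay
    percent-encoded as received; re-encoding them breaks verification."""
    pairs = dict(p.split("=", 1) for p in raw_query.split("&") if "=" in p)
    msg = "SAMLRequest" if "SAMLRequest" in pairs else "SAMLResponse"
    return "&".join(f"{k}={pairs[k]}" for k in (msg, "RelayState", "SigAlg") if k in pairs)

# Constructed sample, not a real capture: a LogoutRequest sent via HTTP-POST.
SAMPLE_XML = (b'<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example/slo">'
              b'<saml:Issuer>https://idp.example/</saml:Issuer></samlp:LogoutRequest>')
print(summarize(decode_saml_message(base64.b64encode(SAMPLE_XML).decode(), "post")))
```

With HTTP-Redirect the signature travels in the `Signature` query parameter rather than inside the XML, so `xml_sig_alg` and `cert_sha256` being `None` there is expected.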