Problem Statement
Login started to fail for every user on a SAML connection and the log event description shows an “invalid thumbprint” error.
Symptom
- Auth0 as SP
- User logs in successfully to upstream IdP and SAML assertion comes back from IdP
- Login fails with the error “Invalid thumbprint”
Cause
The certificates don’t match. Either one side has changed its certificate, or a certificate has been imported incorrectly.
Solution
Please coordinate certificate changes with the IdP, as Auth0 only supports a single certificate for a SAML connection.
You can upload the certificate the IdP is currently using via the Dashboard (delete the existing certificate, then upload the new one) or via the Management API.
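To confirm the mismatch described under Cause before changing anything, you can compare the thumbprint of the certificate embedded in a captured SAMLResponse with the thumbprint of the certificate configured on the connection. The following is an added example, not Auth0 code; it assumes the thumbprint is the SHA-1 hash of the DER-encoded certificate, and the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace

def thumbprint(der):
    # Assumption: thumbprint = SHA-1 over the DER certificate, hex encoded.
    return hashlib.sha1(der).hexdigest().upper()

def pem_to_der(pem):
    # Drop the BEGIN/END armor lines and decode the base64 body.
    lines = (ln.strip() for ln in pem.strip().splitlines())
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def response_thumbprints(saml_response_b64):
    # Every certificate the IdP embedded in ds:X509Certificate elements.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return [thumbprint(base64.b64decode("".join((el.text or "").split())))
            for el in root.iter(DS + "X509Certificate")]

def diagnose(saml_response_b64, configured_pem):
    expected = thumbprint(pem_to_der(configured_pem))
    seen = response_thumbprints(saml_response_b64)
    return {"configured": expected, "in_response": seen, "match": expected in seen}

def build_sample(der_in_response, der_configured):
    # Constructed input: placeholder bytes stand in for real DER certificates.
    b64 = base64.b64encode(der_in_response).decode()
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
           '<ds:X509Data><ds:X509Certificate>\n' + b64 + '\n</ds:X509Certificate>'
           '</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>')
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + base64.b64encode(der_configured).decode()
           + "\n-----END CERTIFICATE-----\n")
    return base64.b64encode(xml.encode()).decode(), pem

if __name__ == "__main__":
    old, new = b"constructed-old-cert", b"constructed-new-cert"
    print(diagnose(*build_sample(new, old)))   # IdP rotated its cert: mismatch
    print(diagnose(*build_sample(new, new)))   # after uploading the new cert
```

This comparison is a diagnostic only and does not verify the XML signature. An empty `in_response` list means the IdP did not embed its certificate in the response, so the certificate has to be obtained from the IdP directly.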