SAML SSO invalid thumbprint error

Problem Statement

Login started to fail for every user on a SAML connection and the log event description shows an “invalid thumbprint” error.

Symptom

  • Auth0 as SP
  • User logs in successfully to upstream IdP and SAML assertion comes back from IdP
  • Login fails with the error “Invalid thumbprint”

Cause

The certificates don’t match. Either one side has changed its certificate, or a certificate has been imported incorrectly.

Solution

Please coordinate certificate changes with the IdP, as Auth0 only supports a single certificate for a SAML connection.

You can upload the certificate the IdP is currently using via the Dashboard (delete the existing certificate, then upload the new one) or via the Management API.
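
To confirm the mismatch before replacing anything, compare the thumbprint of the certificate embedded in a failing SAML response with the thumbprint of the certificate configured on the connection. The script below is an added example, not Auth0 code. It assumes the thumbprint is the SHA-1 hash of the DER-encoded certificate and that the response came over the HTTP-POST binding (base64 only); the function names are hypothetical and the sample data are constructed byte strings standing in for real certificates.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, upper-case hex (assumed thumbprint format)."""
    return hashlib.sha1(der).hexdigest().upper()

def der_from_pem(pem: str) -> bytes:
    """Strip PEM armour and whitespace, return the raw DER bytes."""
    return base64.b64decode(re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", pem))

def response_thumbprints(saml_response_b64: str) -> list:
    """Thumbprints of every ds:X509Certificate in a POST-binding SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return [thumbprint(base64.b64decode("".join(el.text.split())))
            for el in root.iter(DS + "X509Certificate") if el.text]

def diagnose(saml_response_b64: str, configured_pem: str) -> dict:
    """Compare the connection's configured cert with what the IdP actually sent.
    This only compares hashes; it does not validate the signature."""
    configured = thumbprint(der_from_pem(configured_pem))
    sent = response_thumbprints(saml_response_b64)
    return {"configured": configured, "sent": sent, "match": configured in sent}

# --- Constructed sample data: arbitrary bytes stand in for real DER certs ---
OLD_DER, NEW_DER = b"constructed-old-idp-cert", b"constructed-new-idp-cert"

def sample_pem(der: bytes) -> str:
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")

def sample_response(der: bytes) -> str:
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
           '<ds:X509Data><ds:X509Certificate>' + base64.b64encode(der).decode()
           + '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
           '</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # IdP rotated to NEW_DER while the connection still holds OLD_DER
    print(diagnose(sample_response(NEW_DER), sample_pem(OLD_DER)))
    # After uploading the IdP's current certificate the thumbprints agree
    print(diagnose(sample_response(NEW_DER), sample_pem(NEW_DER)))
```

If the response carries a thumbprint that differs from the configured one, confirm with the IdP that the new certificate is theirs before uploading it.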