Hi @jsoref
Thank you for reaching out and sharing all the information!
I understand that you are seeing an “invalid signature: the signature value …== is incorrect” error message during logout.
The log event you provided features a log type of "type": "flo", which translates to Failed Logout (User logout failed). This typically points to a signature validation failure during a federated Single Logout (SLO) handshake—specifically when Auth0 acts as a Service Provider (SP) connected to an external SAML/OIDC Identity Provider (IdP).
Allow me to share some possible causes for this behaviour and how to fix them:
- SAML SLO Endpoint Misconfiguration: In federated SAML setups, there is a known issue where Single Sign-Out fails because the exposed metadata or the IdP configuration points to the wrong logout endpoint. Double-check the Single Logout Service (SLS) URL in your Identity Provider and ensure it aligns with the correct `/v2/logout` format defined in Auth0’s SAML metadata. I recommend checking out the solution for the following topic on SAML SignOut Request yielding Invalid Signature log;
- IDP Certificate Rollovers & Desync: Verify that the public X.509 certificate uploaded under your Auth0 Enterprise Connection settings matches the active signing certificate on your external IdP;
- Signature Algorithm Mismatch (SHA-1 vs. SHA-256): Confirm that the signature algorithm preferences (e.g., `RSA-SHA256`) match perfectly on both the IdP settings and the Auth0 Connection configuration.
Hope the above information has helped you resolve the error!
Best regards,
Gerald
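
The certificate and algorithm checks from the reply above can be run against a captured logout message. This is an added example, not part of the original reply and not Auth0 code. It assumes a SAML message with an embedded `ds:Signature` (HTTP-POST binding); the function names, sample message and certificate stand-ins are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Constructed stand-ins for base64 DER certificates (not real certificates).
OLD_CERT = base64.b64encode(b"constructed-cert-before-rollover").decode()
NEW_CERT = base64.b64encode(b"constructed-cert-after-rollover").decode()

def cert_fingerprint(b64_der):
    """SHA-256 over the decoded DER bytes; whitespace in the base64 is ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_der.split()))).hexdigest()

def sample_logout_request(cert_b64, alg):
    """Constructed, trimmed LogoutRequest carrying only the fields inspected below."""
    return (
        '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
        ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed"><ds:Signature>'
        f'<ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo>'
        f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}"
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
        "</samlp:LogoutRequest>"
    )

def check_saml_signature_config(saml_xml, configured_cert_b64, expected_alg):
    """Return a list of findings; an empty list means both settings line up."""
    root = ET.fromstring(saml_xml)
    method = root.find(f".//{DS}SignatureMethod")
    if method is None:
        return ["message carries no embedded signature"]
    findings = []
    alg = method.get("Algorithm", "")
    if alg != expected_alg:
        findings.append(f"algorithm mismatch: message uses {alg}")
    if alg == RSA_SHA1:
        findings.append("message is signed with SHA-1")
    cert = root.find(f".//{DS}X509Certificate")
    if cert is None or not (cert.text or "").strip():
        findings.append("no embedded certificate to compare")
    elif cert_fingerprint(cert.text) != cert_fingerprint(configured_cert_b64):
        findings.append("certificate mismatch: message signed with a different certificate")
    return findings

if __name__ == "__main__":
    # IdP rolled its certificate and still signs with SHA-1; the connection holds the old cert.
    for finding in check_saml_signature_config(
            sample_logout_request(NEW_CERT, RSA_SHA1), OLD_CERT, RSA_SHA256):
        print(finding)
```

This only compares configuration on the two sides; it does not validate the signature, and the certificate embedded in a message is compared against the configured one, never trusted in its place.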