Problem statement
If Auth0 is configured to both sign and encrypt a SAML assertion, in what order does Auth0 perform the sequence?
Solution
Auth0 signs then encrypts the assertion. Encryption makes sure the recipient is the only one with access to the content and after decryption, the recipient can validate the signature to confirm the origin.
Related References: