Shibboleth SAML Connection Error: "Credential failed name check"

Problem statement

When creating a SAML connection with Shibboleth as the IdP, a prompt is received to provide the certificate that is being used to sign the requests. In the log file, the following error is generated.

<em>2023-05-12 11:13:25,543 - ERROR [] - Credential failed name check: [subjectName='CN={tenant_name}.[](']
2023-05-12 11:13:25,544 - WARN [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:197] - Profile Action WebFlowMessageHandlerAdaptor: Exception handling message
org.opensaml.messaging.handler.MessageHandlerException: Validation of protocol message signature failed
2023-05-12 11:13:25,545 - WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event occurred while processing the request: MessageAuthenticationError</em>


Auth0 SAML connection had sign request enabled, but the certificate had not been uploaded on the Shibboleth side.


Download the certificate to sign the SAML request by:

  1. Navigate to the Dashboard.
  2. Click on Connection and select the Shibboleth connection.
  3. Click on the certificate link under Sign Request.

NOTE: If left blank, the algorithm and algorithm digest default to RSA-SHA256 and SHA256.