Auth0 Home Blog Docs

Signed SAML request

I use Auth0 as an identity provider ; the signed requests that my application sends to Auth0 receive the error that signature is invalid. I tried different ways of formatting the signingCert pasted into the SAML Webapp addons configuration page without any success. I know the signature is valid since I validated it with the same utility I used to sign it. It seems to be an issue with the formatting of the certificate although I did follow the instructions here: https://auth0.com/docs/protocols/saml/saml-configuration/special-configuration-scenarios/signing-and-encrypting-saml-requests#working-with-certificates-as-strings

The best way to troubleshoot this would be for us to have access to the value you’re trying to use; this option is just for a public key, however, if you would still prefer not to include this information publicly you can send as direct message to me.

As you said, it may indeed be that this is just an issue on how the public key is being provided, however, one thing to note would be that I would try to validate that the signing is being performed correctly by using a different tool/library than the one I used to sign it. The reason being that it may always be possible that the issue is inherent to that single tool (in other words, the tool is doing something unexpected, but it does so consistently both in signing and verification stages).