I am implementing SSO between a custom PHP app and an in house tableau server using SAML. I got it working with a test version of the app running in a Vagrant VM. But when I tried to get it working from the production app auth0 rejected the initial login and I got this error message:
{
"name": "Error",
"message": "unable to verify the first certificate",
"code": "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
"fromSandbox ": true
}
auth0 tech support said this is because the SSL cert for the site is not trusted. The company that hosts the app also provides the certs and they want more money then the company is willing to spend to get trusted certs. Nor will they allow a third party cert to be installed.
Does anyone know if there is a way to disable the checking for a trusted cert at auth0?
Does anyone know of any IdPs other then auth0 that will work with an untrusted cert?