Auth0 Home Blog Docs

untrusted sites

saml
ssl
idp

#1

I am implementing SSO between a custom PHP app and an in house tableau server using SAML. I got it working with a test version of the app running in a Vagrant VM. But when I tried to get it working from the production app auth0 rejected the initial login and I got this error message:

{
  "name": "Error",
  "message": "unable to verify the first certificate",
  "code": "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
  "fromSandbox ": true
}

auth0 tech support said this is because the SSL cert for the site is not trusted. The company that hosts the app also provides the certs and they want more money then the company is willing to spend to get trusted certs. Nor will they allow a third party cert to be installed.

Does anyone know if there is a way to disable the checking for a trusted cert at auth0?

Does anyone know of any IdPs other then auth0 that will work with an untrusted cert?


#2

This situation was handled through a different support channel, providing an update here in relation to points focused in the question for the benefit of others.

The error in question was coming from a custom database connection script performing an HTTPS request to a host that had issues with the certificate chain; browsers dealed with that by downloading additional certificates, but Node.js may fail if the full chain is not provided.

No matter the root cause of the certificate issue, you should not disable the certificate validation check and instead resolve the situation at the root; in this case the domain server that had certificate issues.


#3