Use a Custom Certificate to Sign SAML Requests

Problem statement

When creating a SAML connection (Authentication > Enterprise > SAML), there is the option to turn on “Sign requests”. However, the certificate used to sign these requests (namely: https://.auth0.com/pem?cert=connection) is self-signed.

This article explains whether there is a way to use a custom certificate to sign these requests, when, for security and compliance reasons, all certificates are required to be signed by a CA.

Troubleshooting

This is not possible through the Dashboard, but the Management API allows it:
https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/sign-and-encrypt-saml-requests#use-a-custom-key-to-sign-requests

Cause

It’s not possible to configure custom certificates through the Dashboard, but the Management API allows it.

Solution

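The following documentation covers this specific requirement:
Use a custom key to sign requests: https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/sign-and-encrypt-saml-requests#use-a-custom-key-to-sign-requests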

It’s not possible to configure it through the Dashboard, but the Management API allows it.
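
One way to make the Management API change the linked documentation describes, as an added example that is not part of the original article or Auth0's own code. It assumes the `options.signing_key` object with `key` and `cert` fields, and that updating a connection replaces its `options` object as a whole; the domain, token and connection ID are supplied by the caller, and the token needs read and update access to connections.

```python
import json
import urllib.request


def build_signing_key_patch(existing_options, key_pem, cert_pem):
    """Build the PATCH body: current options plus the custom signing key."""
    if "PRIVATE KEY-----" not in key_pem:
        raise ValueError("key_pem is not a PEM private key")
    if "-----BEGIN CERTIFICATE-----" not in cert_pem:
        raise ValueError("cert_pem is not a PEM certificate")
    # Assumption: the update replaces `options` as a whole, so every existing
    # setting (sign-in endpoint, IdP certificate, ...) is carried over.
    options = dict(existing_options)
    # Assumption: field names `signing_key`, `key`, `cert` per the linked docs.
    options["signing_key"] = {"key": key_pem, "cert": cert_pem}
    return {"options": options}


def call_api(domain, token, method, path, body=None):
    """Minimal Management API v2 call; raises urllib.error.HTTPError on failure."""
    request = urllib.request.Request(
        f"https://{domain}/api/v2/{path}",
        data=None if body is None else json.dumps(body).encode(),
        method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(request) as response:
        return json.load(response)


def set_custom_signing_key(domain, token, connection_id, key_pem, cert_pem):
    """Read the connection, merge the key pair into its options, write it back."""
    current = call_api(domain, token, "GET", f"connections/{connection_id}")
    patch = build_signing_key_patch(current.get("options", {}), key_pem, cert_pem)
    return call_api(domain, token, "PATCH", f"connections/{connection_id}", patch)["id"]


if __name__ == "__main__":
    # Constructed sample values; no network call is made here.
    sample_options = {"signInEndpoint": "https://idp.example.com/sso"}
    sample_key = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----"
    sample_cert = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----"
    body = build_signing_key_patch(sample_options, sample_key, sample_cert)
    print(sorted(body["options"]))  # option names only, never the key material
```

After the update, give the identity provider the new CA-signed certificate so it can verify the signed requests.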