Use a Custom Certificate to Sign SAML Requests

lihua.zhang · January 28, 2023, 12:02am

Problem statement

When creating a SAML connection (Authentication > Enterprise > SAML ), there is the option to turn on “Sign requests”. However, the certificate used to sign these requests (namely: https://.auth0.com/pem?cert=connection) is self-signed.

This article explains whether there is a way to use a custom certificate to sign these requests, when, for security and compliance reasons, all certificates are required to be signed by a CA.

Troubleshooting

This is not possible through the Dashboard, but the management API allows it:
https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/sign-and-encrypt-saml-requests#use-a-custom-key-to-sign-requests

Cause

It’s not possible to configure custom certificates through the Dashboard, but the Management API allows it.

Solution

The following documentation covers this specific requirement:
Use a custom key to sign requests

It’s not possible to configure it through the Dashboard, but the Management API allows it.

Topic		Replies	Views
Custom Signing Cert on Enterprise Connections Get Help management-api , connections-management-api	2	38	November 22, 2024
Custom Signing Key Get Help	6	2435	September 9, 2022
Custom Signing and Encryption Certificate in SAML SP Metadata Knowledge Articles signing , certificate , saml2 , encryption	1	468	February 29, 2024
Certificates Used in SAML Knowledge Articles saml2	1	526	January 23, 2024
How do I set up a SAML 2.0 addon that validates signed requests? Get Help saml , clients	2	3677	March 2, 2018

Use a Custom Certificate to Sign SAML Requests

Problem statement

Troubleshooting

Cause

Solution

Related topics