Use Auth0 SAML as Authentication Provider in Cognito

I’m trying to change from OIDC to SAML to avoid certificate pinning in AWS Cognito. I use an identity provider (no user pool) because I just need to attach a policy on demand, and so far it works perfectly with OIDC. Now I download my metadata XML from Auth0, I run the Debug (“It Works!” apparently), but then at runtime I get:

An error occurred (NotAuthorizedException) when calling the GetId operation: Token is not from a supported provider of this identity pool.

I found several solutions for UserPool saying to write the right AppId in Cognito, but I am using SAML, as I said, so I don’t need it, and I don’t want to create and maintain a user pool I won’t use anyway. Am I missing something?

Note: I haven’t changed anything in the SAML config in Auth0, as it seems that at debug time I can get my own email, name and so on.