SAML Errors Occur When Both Assertion and Response Signing Are Required by the Service Provider
This article explains why SAML errors occur when Auth0 is configured as the Identity Provider (IdP) and a third-party Service Provider (SP) requires signed assertions and responses. An attempt to sign in fails with the following error:
SAML Response not signed
After updating the configuration to sign the response, a subsequent login attempt fails with a second error:
SAML assertion not signed
- SAML
- Auth0 as IdP
The errors occur because the SP requires both the SAML assertion and response to be signed. In configurations where Auth0 acts as the IdP, signing both the assertion and the response simultaneously is not supported.
An item to add this functionality exists in the product feature backlog.
Users who require this capability are encouraged to submit a feature request via the Customer Feedback form to help prioritize this feature.
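To see which of the two errors a given IdP setting will trigger, decode the SAMLResponse and check which elements carry their own signature. The Python below is an added example, not Auth0 or SP code: the function names and the sample document are constructed for illustration, and the check is structural only (it does not verify the signature cryptographically).

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def has_own_signature(element):
    """True if a direct-child ds:Signature references the element's own ID."""
    elem_id = element.get("ID")
    sig = element.find("ds:Signature", NS)  # direct children only
    if not elem_id or sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    return ref is not None and ref.get("URI") == "#" + elem_id

def signing_report(xml_text):
    """Report which parts of a decoded SAMLResponse carry their own signature."""
    # ElementTree is fine for this constructed sample; use a hardened XML
    # parser for documents received from the network.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response document")
    assertions = root.findall("saml:Assertion", NS)
    return {"response_signed": has_own_signature(root),
            "assertion_signed": bool(assertions)
                                and all(has_own_signature(a) for a in assertions)}

def sp_errors(report):
    """Errors from an SP that requires both signatures (wording from the article)."""
    checks = (("response_signed", "SAML Response not signed"),
              ("assertion_signed", "SAML assertion not signed"))
    return [msg for key, msg in checks if not report[key]]

def _sig(ref_id):  # constructed placeholder, not a valid XML-DSig signature
    return ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>'
            '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>' % ref_id)

def sample_response(sign_response, sign_assertion):
    """Constructed SAML Response skeleton with optional signatures."""
    return ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
            'xmlns:ds="%(ds)s" ID="_r1">' % NS
            + (_sig("_r1") if sign_response else "")
            + '<saml:Assertion ID="_a1">' + (_sig("_a1") if sign_assertion else "")
            + '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for flags in ((False, True), (True, False)):  # assertion-only, response-only
        print(flags, sp_errors(signing_report(sample_response(*flags))))
```

With only one of the two elements signed, the report reproduces the corresponding error from this article; an SP that requires both accepts only the case where both flags are true.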