Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Upload custom signing certificate in Auth0 Generic SAML-P Connection

Upload custom signing certificate in Auth0 Generic SAML-P Connection

Get or generate a new signing certificate:

openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout saml.key -out saml.crt

Update the script and update the following settings:

  • SIGNING_CERT/SIGNING_KEY: Certificate and private key.
  • CONNECTION_NAME: Name of your SAML-P Connection
  • AUTH0_DOMAIN: Auth0 Domain
  • AUTH0_CLIENT_ID: Client ID of the API Explorer Client
  • AUTH0_CLIENT_SECRET: Client Secret of the API Explorer Client

Run the script:

yarn add auth0
yarn add node-fetch
node index

After running the script you will see that the metadata file contains the custom signing certificate:

To validate that it worked you can inspect the signing certificate here:

const fs = require ('fs');
const path = require('path');
const auth0 = require('auth0');
const fetch = require('node-fetch')
const SIGNING_CERT = fs.readFileSync(path.join(__dirname, './saml.crt'), 'utf8');
const SIGNING_KEY = fs.readFileSync(path.join(__dirname, './saml.key'), 'utf8');
const CONNECTION_NAME = 'name-of-my-connection';
const AUTH0_DOMAIN = '';
const AUTH0_CLIENT_ID = 'my-client-id';
const AUTH0_CLIENT_SECRET = 'my-client-secret';
fetch('https://' + AUTH0_DOMAIN + '/oauth/token', {
method: 'POST',
body: JSON.stringify({
audience: 'https://' + AUTH0_DOMAIN + '/api/v2/',
client_id: AUTH0_CLIENT_ID,
client_secret: AUTH0_CLIENT_SECRET,
grant_type: 'client_credentials'
headers: {
'Accept': 'application/json, text/plain, */*',
'Content-Type': 'application/json'
.then(res => res.json())
.then(body => {
if (body.error) {
return Promise.reject(new Error(body.error_description));
return body;
.then(body => body.access_token)
.then(token => new auth0.ManagementClient({ domain: AUTH0_DOMAIN, token: token }))
.then(auth0 => {
let connectionId = null;
return auth0.connections.getAll()
.then(connections => connections.find(c => === CONNECTION_NAME))
.then(connection => {
if (!connection) {
return Promise.reject(new Error('Could not find connection: ' + CONNECTION_NAME));
connectionId =;
return connection;
.then(connection => {
delete connection.realms;
delete connection.strategy;
delete connection.provisioning_ticket_url;
return connection;
.then(connection => {
connection.options.signing_key = {
return connection;
.then(connection => auth0.connections.update({ id: connectionId }, connection))
.then(connection => console.log('Connection updated.\n' + JSON.stringify(connection, null, 2)));
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.