@@ -215,11 +215,6 @@ exports.onExecutePostLogin = async (event, api) => {
};
```






To learn how to turn the private key and certificate files into strings that you can use in a rule, see [Work with Certificates and Keys and Strings](/docs/authenticate/protocols/saml/saml-sso-integrations/work-with-certificates-and-keys-as-strings).

### Receive signed SAML authentication requests
@@ -239,16 +234,11 @@ To configure signature validation:
[...], // other settings
"signingCert": "-----BEGIN CERTIFICATE-----\nMIIC8jCCAdqgAwIBAgIJObB6jmhG0QIEMA0GCSqGSIb3DQEBBQUAMCAxHjAcBgNV\n[..all the other lines..]-----END CERTIFICATE-----\n"
}
```





```

### Send encrypted SAML authentication assertions

If Auth0 is the SAML identity provider, you can use [Actions](/docs/customize/actions) to encrypt the SAML assertions it sends.
If Auth0 is the SAML identity provider, you can use [Actions](/docs/customize/actions) to encrypt the SAML assertions it sends. You can also select the encryption algorithm used for assertion encryption. Auth0 recommends using `aes256-gcm` for a stronger security posture.

You must obtain the certificate and the public key from the service provider. If you only got the certificate, you can derive the public key using `openssl`. Assuming that the certificate file is named `certificate.pem`, you can run:

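Review bot: the added sentence "Auth0 recommends using `aes256-gcm` for a stronger security posture" should state what the recommendation buys, since "stronger security posture" tells the reader nothing actionable: `aes256-gcm` is authenticated encryption (confidentiality and integrity), while the current default `aes256-cbc` gives confidentiality only, so a service provider decrypting CBC assertions cannot detect ciphertext tampering. Suggest: "Auth0 recommends `aes256-gcm`, which authenticates the ciphertext; the default `aes256-cbc` provides no integrity check." The remaining part of this hunk only drops blank lines after the closing fence, which is fine.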
@@ -271,20 +261,28 @@ exports.onExecutePostLogin = async (event, api) => {

api.samlResponse.setEncryptionCert(encryptionCert);
api.samlResponse.setEncryptionPublicKey(encryptionPublicKey);
api.samlResponse.setEncryptionAlgorithm("aes256-gcm");
}
};
```

Auth0 supports the following algorithms for assertion encryption:

* [aes256-gcm](http://www.w3.org/2001/04/xmlenc#aes256-gcm) **(Recommended)** Authenticated encryption that provides both confidentiality and integrity. It is resistant to format validity oracle attacks.
* [aes256-cbc](http://www.w3.org/2001/04/xmlenc#aes256-cbc) Default. It does not provide integrity guarantees.
* [rsa-oaep](http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) (including MGF1 and SHA1) used for key transport.

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
When an Action does not use the object `api.samlResponse.setEncryptionAlgorithm` to set the encryption algorithm, Auth0 defaults to the `aes256-cbc` algorithm and logs a deprecation warning in your tenant logs.
</Callout>

<Warning>
* Auth0 intends to change the default encryption algorithm to `aes256-gcm`.
* Update your Action code to set the encryption to `aes256-gcm` using the object `api.samlResponse.setEncryptionAlgorithm`. This supresses the deprecation warning and ensures that your integration behaves predictably when the default algorithm changes.
* Before setting the algorithm to `aes256-gcm`, verify that your SAML service provider supports it. If it does not, contact your service provider vendor to request support.
</Warning>


The following algorithms are used:

* [AES256](http://www.w3.org/2001/04/xmlenc#aes256-cbc) for assertion encryption
* [RSA-OAEP](http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) (including MGF1 and SHA1) for key transport

## Learn more

* [Work with Certificates and Keys as Strings](/docs/authenticate/protocols/saml/saml-sso-integrations/work-with-certificates-and-keys-as-strings)
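Review bot: "supresses" in the second Warning bullet should be "suppresses". Two further points in this hunk: `api.samlResponse.setEncryptionAlgorithm` is a method, not an object, in both the Callout and the Warning bullet, so write "the `api.samlResponse.setEncryptionAlgorithm` method"; and the list introduced as "algorithms for assertion encryption" mixes the assertion cipher with `rsa-oaep`, which the bullet itself says is used for key transport. Keep the split the removed text had ("for assertion encryption" / "for key transport") so readers do not try to pass `rsa-oaep` to `setEncryptionAlgorithm`. Finally, the Warning would be clearer if it named the failure mode the bullets are guarding against: an Action that never calls `setEncryptionAlgorithm` will silently move to `aes256-gcm` when the default changes, and a service provider that does not support GCM will then fail to decrypt assertions, which is why the "verify that your SAML service provider supports it" step belongs before the code change rather than after it in the list.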