
2 SAML2 client addons in same client?

saml2
client-addon

#1

Our App has multiple 3rd party SSOs requiring SAML2. These SSOs are accessed through URL links. We have one configured. However, it doesn’t appear that we can add a second custom SAML2 addon to the same client.

Is there a way around this?


#2

The SAML addon is meant to enable the configuration required for a client application to talk SAML when interacting with Auth0. In this case the application just delegates the authentication to Auth0 and the end-user can authenticate through any connection configured. This means the client application always receives an Auth0 SAML assertion no matter if the end-user authenticated with Google social, username/password or even a SAML connection.

Assuming that what your application wants to provide is the ability for end-users of a particular organization to authenticate with that organization's SAML identity provider, then you should configure a SAML enterprise connection and enable it for the client application. This means that if a new organization comes in, you just need to add a new SAML connection and not do anything to the client application, since it will always receive an Auth0-issued SAML assertion. In this scenario there would be no need for multiple SAML addons; however, I may have misunderstood the situation.


#3

Our current config is set up with Auth0 as Identity Provider where IdP initiates SSO. This is the opposite of the example you provided. Our users log in to our site and have a series of endpoints they access using the SAMLP URL:

https://[client].auth0.com/samlp/[key]?RelayState=http://FINAL_DESTINATION_URL

The current config is for iPipeline. I need the second config in order to provide the Provider Cert & Metadata.

If I’m misunderstanding your suggestion, is there a place in the docs you can point me to?


#4