Problem statement
Configuring Auth0 as a SAML Identity Provider also requires that it return a SAML 2.0 compliant SAML response token to the Service Provider.
After configuring the Auth0 SAML Web App Addon, the authentication flow works.
However, the Service Provider application receives a SAML response whose Signature element does not carry the "ds:" namespace prefix.
According to the SAML 2.0 specification, we expected to receive the prefix in our SAML response:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> instead of <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
Solution
There is an undocumented setting for the SAML addon, signatureNamespacePrefix. It adds the ds: prefix when set in the addon settings like this:
"signatureNamespacePrefix": "ds"
If adding this in the SAML addon settings doesn't work, a Rule can set it instead (this option is not yet available in Actions), like this:
function changeSamlConfiguration(user, context, callback) {
  // Only apply to the client that has the SAML Web App Addon enabled.
  if (context.clientID === 'YOUR-CLIENT-WITH-THE-ADDON') {
    context.samlConfiguration = (context.samlConfiguration || {});
    // Emit the Signature element as <ds:Signature xmlns:ds="...">.
    context.samlConfiguration.signatureNamespacePrefix = "ds";
  }
  // A Rule must always hand control back, otherwise the login hangs.
  callback(null, user, context);
}
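As an added example that is not part of the original post, the check below lets a Service Provider team inspect a captured SAML response and tell which of the two Signature forms above it carries. It also resolves the namespace URI, which shows that both forms bind the element to the same XML DSig namespace and are therefore equivalent to a namespace-aware parser; the sample responses are constructed.

```javascript
// Added example (not from the original post): reports whether the <Signature>
// element in a SAML response uses the "ds:" prefix bound to the XML DSig
// namespace, and resolves the namespace URI so the prefixed and default
// namespace forms can be compared. The sample responses below are constructed.
const XMLDSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

// Returns { prefix, namespace } for the first Signature element found, or
// null if there is none. A simple tag scan is enough for this check; it is
// not a substitute for a namespace-aware XML parser when validating responses.
function inspectSignatureElement(xml) {
  const m = /<(?:([A-Za-z_][\w.-]*):)?Signature\b([^>]*)>/.exec(xml);
  if (!m) return null;
  const prefix = m[1] || null;
  const attrs = m[2];
  // The namespace declaration may sit on the Signature element itself ...
  const declRe = prefix
    ? new RegExp(`xmlns:${prefix}="([^"]*)"`)
    : /xmlns="([^"]*)"/;
  let decl = declRe.exec(attrs);
  // ... or on an ancestor element earlier in the document.
  if (!decl) decl = declRe.exec(xml.slice(0, m.index));
  return { prefix, namespace: decl ? decl[1] : null };
}

// True when the Signature element is in the XML DSig namespace, whatever prefix it uses.
function isXmlDsigSignature(xml) {
  const info = inspectSignatureElement(xml);
  return info !== null && info.namespace === XMLDSIG_NS;
}

// True only when the element carries the literal "ds:" prefix bound to XML DSig,
// which is the form the Service Provider in the problem statement expects.
function hasDsPrefix(xml) {
  const info = inspectSignatureElement(xml);
  return info !== null && info.prefix === 'ds' && info.namespace === XMLDSIG_NS;
}

// Constructed samples mirroring the two forms in the problem statement.
const defaultNsResponse =
  '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">' +
  '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo/></Signature></samlp:Response>';
const dsPrefixedResponse =
  '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">' +
  '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo/></ds:Signature></samlp:Response>';

console.log(hasDsPrefix(defaultNsResponse), isXmlDsigSignature(defaultNsResponse));   // false true
console.log(hasDsPrefix(dsPrefixedResponse), isXmlDsigSignature(dsPrefixedResponse)); // true true
```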