Add a Prefix to SAML Response Signature Namespace - Auth0 as SAML IdP

Problem statement

When Auth0 is configured as a SAML Identity Provider, it also needs to return a SAML 2.0-compliant response token.

After configuring the Auth0 SAML Web App Addon, the authentication flow works.

However, the Service Provider application receives a SAML response whose Signature element does not use the “ds:” namespace prefix.

According to the SAML 2.0 specification, we expect to receive the prefix in our SAML response:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> instead of <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">

Solution

There is an undocumented setting for the SAML addon: signatureNamespacePrefix. It can be used to add the ds: prefix like this:
"signatureNamespacePrefix": "ds"
If adding this in the SAML addon settings doesn't work, it can be set from a Rule instead (this option is not yet available in Actions), like this:

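function changeSamlConfiguration(user, context, callback) {
  // Apply only to the application that has the SAML addon enabled.
  if (context.clientID === 'YOUR-CLIENT-WITH-THE-ADDON') {
    context.samlConfiguration = context.samlConfiguration || {};
    // Emit <ds:Signature xmlns:ds="..."> instead of an unprefixed <Signature>.
    context.samlConfiguration.signatureNamespacePrefix = "ds";
  }
  // Always hand control back to the Rules pipeline.
  callback(null, user, context);
}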
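
To confirm the setting took effect, the check below (an added example, not Auth0 code) decodes a Base64 SAMLResponse value as posted to the Service Provider and reports the prefix used on each Signature element in the XML-DSig namespace. The function name and both sample responses are constructed for illustration; the samples carry no real signature data.

```python
import base64
from xml.dom import minidom

XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#"


def signature_prefixes(saml_response_b64):
    """Return the namespace prefix of every XML-DSig Signature element.

    An empty string means the element uses the default namespace,
    i.e. <Signature xmlns="..."> with no prefix.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one rather than let the
    # parser expand entities from untrusted input.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE not allowed in a SAML response")
    doc = minidom.parseString(xml_bytes)
    # Namespace-aware lookup: matches <Signature> and <ds:Signature> alike,
    # because both resolve to the same namespace URI and local name.
    nodes = doc.getElementsByTagNameNS(XMLDSIG_NS, "Signature")
    return [node.prefix or "" for node in nodes]


def encode(xml_text):
    """Base64-encode XML the way the HTTP-POST binding carries it."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


# Constructed samples: skeleton responses with an empty Signature element.
_OPEN = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
_CLOSE = "</samlp:Response>"
UNPREFIXED = _OPEN + '<Signature xmlns="%s"/>' % XMLDSIG_NS + _CLOSE
PREFIXED = _OPEN + '<ds:Signature xmlns:ds="%s"/>' % XMLDSIG_NS + _CLOSE

if __name__ == "__main__":
    for label, sample in (("before", UNPREFIXED), ("after", PREFIXED)):
        print(label, signature_prefixes(encode(sample)))
```

A namespace-aware parser finds the Signature element in both samples; only the reported prefix differs, which is the part a Service Provider that matches on the literal "ds:" string depends on.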