Auth0 is connected to an external IdP using a SAML connection. This connection will return a custom attribute. I am not sure if it should be added to the user properties in Auth0 using the Mappings section of the connector, or if that is the only way to do it.
I am then trying to add the information from that attribute to the token using Actions -> Flows and api.idToken.setCustomClaim, however I don't seem to be able to add it.
I can add information from app_metadata but not from user properties (it does not seem to recognize it).
Therefore I am not sure how to either add it to the app_metadata during SAML logon or how I can get it from the user properties.
Welcome to the Auth0 Community, it's really great to have you here.
I take it Auth0 is acting as the service provider in this case given that you have an external IdP. If the IdP is sending you a custom attribute you will certainly need to map it in Authentication > Enterprise > SAML connection > Mappings tab.
The left side of the mapping is the user attribute on the SP side, the right side of the mapping is the claim you’re receiving from the IdP. I would probably do a test connection and open the network trace in the browser to locate the SAML response coming in, check the response in samtool.io to confirm the custom attribute is there and also confirm the spelling etc.
You should also see the attribute in the user account, raw json tab.
@SaqibHussain
I have code like below:
exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://samplenamesapce.ca';
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    // 'DN' is the root-level user attribute mapped from the SAML assertion
    api.idToken.setCustomClaim(`${namespace}/DN`, event.user['DN']);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
};
The 'DN' is a SAML assertion attribute received from the response and mapped to the user's 'DN'. I see the value in the user's account. I want to provide that value as a claim to the client app, however, I couldn't get it in the Action. Any clue would be appreciated.
I note you're using an Action to access a user's root property received via SAML. Currently this is not supported: "Top-level event.user attributes added by an external IdP or custom database script", as per https://auth0.com/docs/customize/actions/limitations
We expect to fill this gap early next year, but until then you can use Rules.
P.S. Just looking at my sample rule above, I think there is a copy-paste error, as only one callback should be required, i.e.:
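For reference, here is an added example of the Rules-based workaround described above (not the replier's sample rule and not code from the thread): a Rule that reads the root-level `DN` attribute mapped from the SAML assertion and places it in a namespaced ID token claim, skipping the claim when the attribute is absent so nothing empty or malformed reaches the client. The namespace URL is assumed for illustration.

```javascript
// Added example: an Auth0 Rule (signature: user, context, callback) that copies
// a root-level user attribute mapped from the SAML response into a namespaced
// ID token claim. The namespace is an assumption; 'DN' is the attribute from
// the thread. Rules can see top-level user attributes that Actions cannot.
function addDnClaimRule(user, context, callback) {
  const namespace = 'https://samplenamesapce.ca'; // claim namespace (assumed)
  const attribute = 'DN';                          // mapped SAML attribute

  // Only emit the claim when the IdP actually supplied a non-empty string.
  const value = user && user[attribute];
  if (typeof value !== 'string' || value.trim().length === 0) {
    return callback(null, user, context);
  }

  // Auth0 drops custom claims that are not namespaced URLs, hence the prefix.
  context.idToken = context.idToken || {};
  context.idToken[`${namespace}/${attribute}`] = value;

  // Exactly one callback invocation ends the Rule.
  return callback(null, user, context);
}
```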