Adding roles to SAML response

Hi everyone,

Trying to get SAML working, but I can't seem to get the roles that are configured through the Auth0 UI to show up in the SAML response. The settings in "Addon: SAML2 Web App" are mostly default; see below:

{
  "mappings": {
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "groups": "http://schemas.xmlsoap.org/claims/Group",
    "roles": "http://schemas.xmlsoap.org/claims/Role"
  },
  "createUpnClaim": true,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": true,
  "mapIdentities": true,
  "signatureAlgorithm": "rsa-sha1",
  "digestAlgorithm": "sha1",
  "destination": "https://…",
  "lifetimeInSeconds": 3600,
  "signResponse": false,
  "typedAttributes": true,
  "includeAttributeNameFormat": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  ],
  "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
  "logout": {
    "callback": "…",
    "slo_enabled": true
  },
  "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}

I'm sure the solution is very simple, but I just can't seem to get it working.
Any help appreciated :slight_smile: