I have set up a test SAML connection with Auth0 acting as the service provider.
I am having trouble finding documentation that tells you the default claim mapping Auth0 uses to generate users when they initially log in.
It looks like <saml2:NameID Format="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified"> was used as the user_id, but that contradicts what is said in this article:
- User Id Attribute: The attribute in the SAML token that will be mapped to the user_id property in Auth0. If not set, then the user_id will be retrieved from the following (in listed order):
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Does this mean that other name ID formats would work? Ex: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
I also noticed that sending <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"… correctly maps to the user's first name, but I cannot find that documented anywhere.
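
Added example (not part of the original post and not Auth0's code): a small inspection script that lists what an assertion carries in its NameID and attributes, and which attribute the lookup order quoted above would select, so the result can be compared with the user_id the connection actually created. The sample assertion and the function name `summarize_assertion` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Fallback order as quoted from the article in the post above.
DOCUMENTED_ORDER = [CLAIMS + "nameidentifier", CLAIMS + "upn", CLAIMS + "name"]

# Constructed, unsigned sample assertion; all values are invented.
SAMPLE_ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified">abc123</saml2:NameID>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
      <saml2:AttributeValue>jdoe@example.com</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml2:AttributeValue>Jane</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""

def summarize_assertion(xml_text):
    """Inspection only: no signature or condition checks are performed."""
    root = ET.fromstring(xml_text)
    name_id = root.find("./saml2:Subject/saml2:NameID", NS)
    attributes = {}
    for attr in root.findall("./saml2:AttributeStatement/saml2:Attribute", NS):
        # Keep only non-empty values so an empty attribute is not selected.
        values = [v.text.strip() for v in attr.findall("saml2:AttributeValue", NS)
                  if v.text and v.text.strip()]
        attributes[attr.get("Name")] = values
    # First attribute from the documented order that is present with a value.
    source = next((n for n in DOCUMENTED_ORDER if attributes.get(n)), None)
    return {
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "documented_source": source,
        "documented_user_id": attributes[source][0] if source else None,
        "attribute_names": sorted(attributes),
    }

if __name__ == "__main__":
    for key, value in summarize_assertion(SAMPLE_ASSERTION).items():
        print(f"{key}: {value}")
```
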