Problem statement
When Auth0 is acting as a SAML Identity Provider, the SAML response generated from Auth0 has a claim with the name http://schemas.auth0.com/nameIdAttributes and a value of [object Object].
Symptoms
- Auth0 acts as both the SAML SP and IdP in the same flow. We have an app with the SAML addon, and the user logs in with a SAML connection.
- Auth0 sends a SAML response to the app at the end of the flow, and this contains a claim with the name http://schemas.auth0.com/nameIdAttributes and value [object Object].
Steps to reproduce
- Set up the tenant so it can act as both the SAML IdP and SP at the same time. Use default SAML addon settings.
- Send a SAML request to the tenant, and log in with the SAML connection.
- Inspect the final response from Auth0 with https://samltool.io
Solution
This claim is added due to a known product issue.
As a workaround, you can set passthroughClaimsWithNoMapping: false in the SAML addon, so this claim will not be sent in the response.
Another workaround is for the application to ignore this claim.
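
The second workaround, sketched as an added example (not Auth0 code): a Python post-filter an application could apply to the attributes of a response after its SAML library has validated the signature. The sample response is constructed, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_ATTRS_CLAIM = "http://schemas.auth0.com/nameIdAttributes"
BAD_VALUE = "[object Object]"

# Constructed sample response (not captured from a real tenant).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.auth0.com/nameIdAttributes">
        <saml:AttributeValue>[object Object]</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def read_attributes(saml_response_b64):
    """Return {claim name: [values]} from a base64 SAMLResponse (HTTP-POST binding).

    Assumption: signature validation has already been done by the SP's SAML library.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def filter_claims(attrs):
    """Drop the nameIdAttributes claim; report every claim carrying a stringified object."""
    kept, flagged = {}, []
    for name, values in attrs.items():
        if BAD_VALUE in values:
            flagged.append(name)
        if name != NAMEID_ATTRS_CLAIM:
            kept[name] = values
    return kept, flagged


if __name__ == "__main__":
    print(filter_claims(read_attributes(SAMPLE_B64)))
```

The `flagged` list can be logged to confirm when the claim stops appearing after the addon setting is changed.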