Azure AD/Auth0/Datadog - SAML Auth

I am doing a POC where I would like to set up SAML auth for Datadog with Azure AD as the source (final) identity provider.

I have done the following so far:

  • Set up an enterprise connection to Azure AD which seems to be working when I “try” it

      {
        "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
        "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
        "groups": "http://schemas.xmlsoap.org/claims/Group",
        "user_id": [
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
        ],
        "given_name": [
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
        ],
        "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
        "nameIdentifier": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
      }

  • Set up Datadog as an application with the connection from the previous step. I have also done the necessary steps on the Datadog side to set up Auth0 as the IDP. I am getting redirected to the correct places to authenticate but it ends up in this error below:

I have inspected the SAML response and I get the following:

    <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
        <AttributeValue>99987d92-3ba8-4218-9e2b-207fa2e4a999</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
        <AttributeValue>8154678b-ba6c-4cec-9b32-d5e65a4f2999</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>auth0user@redacted.com</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <AttributeValue>User</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <AttributeValue>Auth0</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
        <AttributeValue>Auth0</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
        <AttributeValue>https://sts.windows.net/99987d92-3ba8-4218-9e2b-207fa2e4a999/</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
        <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
    </Attribute>

Any idea what I am doing wrong here?
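
The following is an added example, not part of the original post: a diagnostic that checks the posted attribute mapping against the attribute names visible in the posted SAML response and reports which mapped fields have no source claim. It assumes the mapping is evaluated against exactly these attributes, that list entries are fallbacks tried in order, and it uses a constructed sample with placeholder values; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
X = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MS = "http://schemas.microsoft.com/"
NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Mapping as posted: profile field -> claim URI, or an ordered list of fallbacks.
MAPPING = {
    "name": X + "name",
    "email": X + "emailaddress",
    "groups": "http://schemas.xmlsoap.org/claims/Group",
    "user_id": [X + "nameidentifier", X + "upn", X + "name"],
    "given_name": [X + "givenname", X + "name"],
    "family_name": X + "surname",
    "nameIdentifier": X + "name",
}
# Constructed sample: attribute names from the post, placeholder values.
SAMPLE_ATTRS = [
    (MS + "identity/claims/tenantid", "TENANT-ID"),
    (MS + "identity/claims/objectidentifier", "OBJECT-ID"),
    (X + "name", "user@example.com"),
    (X + "surname", "User"),
    (X + "givenname", "Auth0"),
    (MS + "identity/claims/displayname", "Auth0"),
    (MS + "identity/claims/identityprovider", "https://sts.windows.net/TENANT-ID/"),
    (MS + "claims/authnmethodsreferences", MS + "ws/2008/06/identity/authenticationmethod/password"),
]
SAMPLE_XML = '<AttributeStatement xmlns="%s">%s</AttributeStatement>' % (NS, "".join(
    '<Attribute Name="%s"><AttributeValue>%s</AttributeValue></Attribute>' % a for a in SAMPLE_ATTRS))

def received_attributes(xml_text):
    """Return {claim URI: [values]}. Diagnostic only: no signature verification."""
    out = {}
    for attr in ET.fromstring(xml_text).iter("{%s}Attribute" % NS):
        values = [v.text or "" for v in attr.findall("{%s}AttributeValue" % NS)]
        out.setdefault(attr.get("Name"), []).extend(values)
    return out

def resolve(mapping, received):
    """Per field: (source URI, first value) for the first source present, else None."""
    result = {}
    for field, sources in mapping.items():
        sources = [sources] if isinstance(sources, str) else sources
        hit = next((s for s in sources if s in received), None)
        result[field] = (hit, received[hit][0]) if hit else None
    return result

def unresolved(mapping, received):
    return sorted(f for f, v in resolve(mapping, received).items() if v is None)

if __name__ == "__main__":
    for field, hit in resolve(MAPPING, received_attributes(SAMPLE_XML)).items():
        print(field, "->", hit or "NO SOURCE CLAIM IN RESPONSE")
```

Only the attributes quoted in the post are considered; elements outside the quoted excerpt, such as the Subject NameID, are not covered by this check.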