Can I skip Destination URL check as SAML Service Provider?

Hello,

I’m trying to replace my own authentication system with Auth0. My system has a SAML Service Provider feature, and some users have configured their IdP to connect to my Service Provider. Generally I would have to ask them to update their IdP settings to send requests to Auth0, but I want to let them use Auth0 instead of us without changing their IdP.
I tried receiving the SAML Response in my ACS and then calling the Auth0 ACS to pass through the SAML Response and RelayState; however, Auth0 returns the error "Destination endpoint did not match", because the SAML Response has a Destination field and it does not match the Auth0 URL.

So, can I skip this Destination URL check in the Auth0 settings? Or is there a better way to replace my SAML Service Provider?


Hi @murakami.shunsuke! I am facing the same issue so I was wondering if you found a solution to this. Thanks.

I am also running into this problem. I’d like for my application to receive the SAML payload and decide whether it gets redirected to Auth0. That means the payload lists our application’s URL, not the Auth0 URL, as the ‘destination’, and Auth0 will deny the login attempt if the destination is not https://{subdomain}.auth0.com/login/callback?connection={...}.

I tried adding a custom rule to see if that could have any influence on the behavior, but I don’t see any of its log messages when these failed logins happen. It seems like Auth0 denies the login attempt before running the rule.
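As an added illustration of the check both posts above run into (this is constructed example code, not code from the thread or from Auth0), the snippet below reproduces the endpoint binding validation an Assertion Consumer Service performs under the SAML 2.0 Web Browser SSO profile: the Response's `Destination` attribute, and the assertion's `SubjectConfirmationData/@Recipient`, must equal the URL the response was actually posted to. A response the IdP issued for the original SP's ACS therefore fails when relayed to a different ACS, which is the behaviour described above. The ACS URLs are placeholders, the sample response is unsigned, and signature validation is deliberately left out.

```python
import base64
import xml.etree.ElementTree as ET

# XML namespaces used by SAML 2.0 protocol and assertion elements.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Placeholder endpoints (assumptions, not values from the thread).
OLD_ACS = "https://sp.example.com/saml/acs"
AUTH0_ACS = "https://example.auth0.com/login/callback?connection=example"


def check_destination(saml_response_b64: str, acs_url: str) -> tuple[bool, str]:
    """Endpoint binding checks an ACS applies to a POSTed SAMLResponse.
    Returns (ok, reason). Signature verification is out of scope here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{NS['samlp']}}}Response":
        return False, "not a samlp:Response"
    destination = root.get("Destination")
    if destination is None:
        return False, "Destination attribute missing"
    if destination != acs_url:
        # The IdP bound this response to another endpoint; replaying it here is rejected.
        return False, f"Destination endpoint did not match: {destination}"
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        recipient = scd.get("Recipient")
        if recipient is not None and recipient != acs_url:
            return False, f"Recipient did not match: {recipient}"
    return True, "ok"


def build_response(destination: str, recipient: str = "") -> str:
    """Constructed, unsigned sample response for demonstration only."""
    recipient = recipient or destination
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="_resp1" Version="2.0" Destination="{destination}">'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject><saml:SubjectConfirmation>'
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
        '</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    resp = build_response(OLD_ACS)  # issued by the IdP for the original SP
    print(check_destination(resp, OLD_ACS))    # (True, 'ok')
    print(check_destination(resp, AUTH0_ACS))  # (False, 'Destination endpoint did not match: ...')
```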