Customize SAML Name ID

saravanan109587 · January 2, 2024, 5:03am

We are trying to integrate auth0 with genesys cloud. As part of that we are configuring Auth0 as Identity provider and genesys as Service provider.
When we enable SAML protocol in auth0, genesys expect email address to be a name identifier in SAML response, But we are getting auth0 user id as nameidentifer.
We have referred few of auth0 articles to customize nameidprobs link, But its not working, Still we are getting user id in Name id field.

.
Below is the SAML settings,
{
“mappings”: {
“email”: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress”
},
“nameIdentifierProbes”: [
“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress”
]
}.
Could someone suggest what am I missing?

marcelina.barycka · January 2, 2024, 1:31pm

Hi @saravanan109587 !

Could you try out the following scenarios under the SAML2 Web App Settings?

Mapp the “/nameidentifier” and “/emailaddress” claims with the same user property “email”:

{"mappings": {
"name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
"email": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
},
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]

Or try removing from “mappings” the
"user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
so the Settings looks like this:

{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

You feedback would be appreciated!

saravanan109587 · January 2, 2024, 5:33pm

Dear @marcelina.barycka ,
Thanks for the suggestion, I have tried both the approach still no difference, Getting user id in nameidentifier.

{
  "mappings": 
       {
      "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
      "email": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", 
                "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
      },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

 <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|6579222a50a7dcd591899f34</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-02T18:27:46.773Z" Recipient="https://manage.auth0.com/tester/samlp"/>
      </saml:SubjectConfirmation>
    </saml:Subject>

saravanan109587 · January 3, 2024, 3:39am

Dear @marcelina.barycka ,
Sorry it was my mistake that i have enabled both SAML and WS-Fed hence it was not reflecting. When i disable WS-Fed addon it worked.
Thanks.

system · January 17, 2024, 3:40am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Set Custom NameIdentifier Attribute in SAML Response from Auth0 Knowledge Articles saml-idp	1	9	October 29, 2024
Adding a SAML response attribute to differentiate one User's linked Identities Help	4	2424	December 22, 2022
How to map claims with auth0 is a Service Provider in a SAML connection Help tenant-management , support-center	2	385	February 15, 2024
Change User ID Used by Auth0 for SAML Connection Knowledge Articles samlp , userid , mapping	1	15	October 9, 2024
Adding custom SAML attribute when auth0 is SP JWT.io rules , samlp , saml2	6	10921	December 17, 2018

Customize SAML Name ID

Related Topics