Customize SAML Name ID

Help
,
1

We are trying to integrate auth0 with genesys cloud. As part of that we are configuring Auth0 as Identity provider and genesys as Service provider.
When we enable SAML protocol in auth0, genesys expect email address to be a name identifier in SAML response, But we are getting auth0 user id as nameidentifer.
We have referred few of auth0 articles to customize nameidprobs link, But its not working, Still we are getting user id in Name id field.

image
image769×148 6.53 KB

image
image579×651 27.3 KB
.
Below is the SAML settings,
{
“mappings”: {
“email”: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
},
“nameIdentifierProbes”: [
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
]
}.
Could someone suggest what am I missing?

2

Hi @saravanan109587 !

Could you try out the following scenarios under the SAML2 Web App Settings?

  1. Mapp the “/nameidentifier” and “/emailaddress” claims with the same user property “email”:
{"mappings": {
"name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
"email": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
},
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
  1. Or try removing from “mappings” the
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
    so the Settings looks like this:
{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

You feedback would be appreciated!

1 Like
4

Dear @marcelina.barycka ,
Thanks for the suggestion, I have tried both the approach still no difference, Getting user id in nameidentifier.

{
  "mappings": 
       {
      "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
      "email": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", 
                "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
      },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

 <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|6579222a50a7dcd591899f34</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-02T18:27:46.773Z" Recipient="https://manage.auth0.com/tester/samlp"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
5

Dear @marcelina.barycka ,
Sorry it was my mistake that i have enabled both SAML and WS-Fed hence it was not reflecting. When i disable WS-Fed addon it worked.
Thanks.

1 Like
6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.