We are trying to integrate Auth0 with Genesys Cloud. As part of that, we are configuring Auth0 as the identity provider and Genesys as the service provider.
When we enable the SAML protocol in Auth0, Genesys expects the email address to be the name identifier in the SAML response, but we are getting the Auth0 user id as the name identifier.
We have referred to a few Auth0 articles to customize nameidprobs link, but it's not working. We are still getting the user id in the NameID field.
Below are the SAML settings:
{
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
Could someone suggest what I am missing?
Hi @saravanan109587 !
Could you try out the following scenarios under the SAML2 Web App Settings?
Map the “/nameidentifier” and “/emailaddress” claims with the same user property “email”:
{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": [
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
    ]
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
Or try removing from “mappings” the
"user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
so the Settings look like this:
{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
Your feedback would be appreciated!
Dear @marcelina.barycka ,
Thanks for the suggestion. I have tried both approaches, still no difference. Getting user id in nameidentifier.
{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": [
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
    ]
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|6579222a50a7dcd591899f34</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2024-01-02T18:27:46.773Z" Recipient="https://manage.auth0.com/tester/samlp"/>
</saml:SubjectConfirmation>
</saml:Subject>
Dear @marcelina.barycka ,
Sorry, it was my mistake that I had enabled both SAML and WS-Fed, hence it was not reflecting. When I disabled the WS-Fed addon, it worked.
Thanks.
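A check that can be run on a decoded assertion after changing the add-on settings, as an added example that is not part of the original thread or Auth0's own code: it reads Subject/NameID and compares it with the emailaddress attribute. The sample assertion, the address user@example.com and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
EMAIL_RE = re.compile(r"^[^@\s|]+@[^@\s]+\.[^@\s]+$")

# Constructed sample: the Subject from the thread plus an assumed email attribute.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">{name_id}</saml:NameID>
</saml:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="{claim}">
<saml:AttributeValue>user@example.com</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>"""


def build_sample(name_id):
    """Fill the constructed assertion with the NameID under test."""
    return SAMPLE.format(name_id=name_id, claim=EMAIL_CLAIM)


def check_name_id(assertion_xml):
    """Return (name_id, format, problems). Inspects values only; no signature check."""
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return None, None, ["assertion has no Subject/NameID"]
    name_id, fmt = node.text.strip(), node.get("Format")
    problems = []
    if not EMAIL_RE.match(name_id):
        problems.append("NameID %r is not an email address" % name_id)
    # Compare with the emailaddress attribute when the IdP sent one.
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if attr.get("Name") == EMAIL_CLAIM and value is not None:
            email = (value.text or "").strip()
            if email and email.lower() != name_id.lower():
                problems.append("NameID differs from emailaddress %r" % email)
    return name_id, fmt, problems


if __name__ == "__main__":
    for candidate in ("auth0|6579222a50a7dcd591899f34", "user@example.com"):
        print(check_name_id(build_sample(candidate)))
```

An empty problems list means the service provider would receive the email address as NameID; the user id from the thread produces two findings.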
Closed by system on January 17, 2024, 3:40am. This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.