Customize SAML Name ID

We are trying to integrate Auth0 with Genesys Cloud. As part of that, we are configuring Auth0 as the Identity Provider and Genesys as the Service Provider.
When we enable the SAML protocol in Auth0, Genesys expects the email address to be the name identifier in the SAML response, but we are getting the Auth0 user id as the name identifier.
We have referred to a few Auth0 articles on customizing nameIdentifierProbes, but it is not working; we are still getting the user id in the NameID field.

Below are the SAML settings:
{
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
Could someone suggest what I am missing?

Hi @saravanan109587 !

Could you try out the following scenarios under the SAML2 Web App Settings?

  1. Map the “/nameidentifier” and “/emailaddress” claims to the same user property, “email”:
{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
  2. Or try removing the following entry from “mappings”:
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
    so that the settings look like this:
{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

Your feedback would be appreciated!

1 Like
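An added example (not from this thread or from Auth0's own code) to check what the reply above describes from both ends: it models the SAML2 Web App addon's documented behaviour that the claims in "nameIdentifierProbes" are tried in order and the first one with a value becomes the NameID (this ordering rule is an assumption taken from the addon's description, and the model does not cover the WS-Fed addon conflict reported later in the thread), and it parses a constructed assertion fragment like the one posted below to classify the NameID that the Service Provider actually receives. The settings, user profile and assertion are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def resolve_name_id(settings, user):
    """Map each user property to its claim URI(s), then return the value of the
    first probe claim that is populated; fall back to user_id (the symptom)."""
    claim_values = {}
    for prop, claims in settings.get("mappings", {}).items():
        for claim in ([claims] if isinstance(claims, str) else claims):
            if user.get(prop):
                claim_values[claim] = user[prop]
    for probe in settings.get("nameIdentifierProbes", []):
        if claim_values.get(probe):
            return claim_values[probe]
    return user["user_id"]

def check_assertion_name_id(xml_text):
    """Parse <saml:Subject> and classify the NameID value the SP received."""
    root = ET.fromstring(xml_text)
    node = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    value = (node.text or "").strip() if node is not None else ""
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
        kind = "email"
    elif value.startswith("auth0|"):
        kind = "auth0_user_id"
    else:
        kind = "unknown"
    return value, kind

# Constructed sample: the mappings suggested in the reply plus a fake profile.
SETTINGS = {
    "mappings": {
        "name": CLAIMS + "userName",
        "email": [CLAIMS + "emailaddress", CLAIMS + "nameidentifier"],
    },
    "nameIdentifierProbes": [CLAIMS + "emailaddress"],
}
USER = {"user_id": "auth0|0000example", "name": "Jane", "email": "jane@example.com"}

# Constructed assertion fragment shaped like the one posted in this thread.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|0000example</saml:NameID></saml:Subject>
</saml:Assertion>"""

if __name__ == "__main__":
    print(resolve_name_id(SETTINGS, USER))        # jane@example.com
    print(check_assertion_name_id(ASSERTION))     # ('auth0|0000example', 'auth0_user_id')
```

If the modelled result is an email but the parsed assertion still carries "auth0|…", the probes are not what is producing the NameID, which points at something else in the tenant (such as a second addon) rather than at the mappings.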

Dear @marcelina.barycka ,
Thanks for the suggestion. I have tried both approaches, still no difference: getting the user id in nameidentifier.

{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
              "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
  },
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
 <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|6579222a50a7dcd591899f34</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-02T18:27:46.773Z" Recipient="https://manage.auth0.com/tester/samlp"/>
      </saml:SubjectConfirmation>
    </saml:Subject>

Dear @marcelina.barycka ,
Sorry, it was my mistake: I had enabled both SAML and WS-Fed, hence it was not reflecting. When I disabled the WS-Fed add-on, it worked.
Thanks.

1 Like
