i am using this doc to provide get custom saml assertion, https://auth0.com/docs/protocols/saml-configuration-options/customize-saml-assertions
and i get the above error when i paste this block
function (user, context, callback) {
user.user_metadata = user.user_metadata || {};
user.user_metadata.color = “purple”;
context.samlConfiguration.mappings = {
“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/color”: “user_metadata.color”, // use user.user_metadata.color as the value
};
callback(null, user, context);
}
so basically i’d need the user and role attached to the role in the custom assertion
2nd question would be to help me understand how to add set of users to the app
Hey @saiprasanna.sastryss, Welcome to the Auth0 community!
For this type of customization, you will need to use the Rules and add the customization there
You can see the example here:
Basic introduction:
User object in rules:
2nd question would be to help me understand how to add a set of users to the app
Are you asking about adding users to the Auth0 tenant?
Regards,
Sid
hi sid,
i did try to the add the customisation provided in the document, i have added a rule and added user to it, i still get the same reply.
regarding 2nd question
no. let me explain a little more. Two parts to this .
i have created a custom application (test app and enabled saml application)
now i have 2 roles role 1 and role 2 and assigned user 1 to role one and user 2 to role 2.so the document says every user under the tenant has access to the app, but i want to restrict only user 1 to the app.
This 2nd question is of a lower priority and i’d love if we can get the first one unblocked
{
// "audience": "urn:foo",
// "recipient": "http://foo",
// "mappings": {
// "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
// "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
// "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
// "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
// "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
// "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
// "groups": "http://schemas.xmlsoap.org/claims/Group"
// },
// "createUpnClaim": true,
// "passthroughClaimsWithNoMapping": true,
// "mapUnknownClaimsAsIs": false,
// "mapIdentities": true,
// "signatureAlgorithm": "rsa-sha1",
// "digestAlgorithm": "sha1",
// "destination": "http://foo",
// "lifetimeInSeconds": 3600,
// "signResponse": false,
// "typedAttributes": true,
// "includeAttributeNameFormat": true,
// "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
// "nameIdentifierProbes": [
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
// ],
// "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
// "logout": {
// "callback": "http://foo/logout",
// "slo_enabled": true
// },
// "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
function (user, context, callback) {
user.user_metadata = user.user_metadata || {};
user.user_metadata.color = "purple";
context.samlConfiguration.mappings = {
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/color": "user_metadata.color", // use user.user_metadata.color as the value
};
callback(null, user, context);
}
}
so this is how my setting looks, FYI @sidharth.chaudhary
Hey @saiprasanna.sastryss, from where are you capturing the settings? This looks like SAML add on tab of the Application.