Hi Everyone, I will be happy to get some help with an Auth0 setup. We use one domain (Auth0 tenant) as the service provider (SP) and another domain (Auth0 tenant) as the identity provider (IdP). There is a SAML Enterprise connection set up between the SP and the IdP. The login works: a user defined in the IdP can log in to the app that is set up in the SP. We are using the Node.js Express test app generated from the SP domain app. We have 2 problems:
- Logout does not clear the Auth0 session and the IdP session, even though `idpLogout` is set in the auth config. Since the IdP has the same user logged in, we cannot switch to another user.
- We need to set up RBAC access for our app and read the user's roles or permissions on login. This should be driven by the IdP, so the user's roles and permissions will be set in the IdP. This requires creating an API in the IdP (so far so good). The question is what should be done on the SP side? Specifying the API as `audience` does not work, since the API and users/roles are on the IdP side and the `audience` reflects the SP side.
Any help or pointer to the right documentation will be greatly appreciated!
Thanks in advance.