Help with configuration of AWS Client VPN with SAML

Hi guys,

Has anyone had any luck configuring this? I've taken a look at this and configured the AWS side; however, I'm unsure of where to go when configuring an app within Auth0 itself.

Any pointers would be helpful!


Hi @richard.dabreo,

You’re in luck - after much trial and error, I was finally able to get this working yesterday. I hope this helps!

Application Callback URL:

SAML Settings:

  {
    "audience": "urn:amazon:webservices:clientvpn",
    "passthroughClaimsWithNoMapping": false,
    "mapUnknownClaimsAsIs": false,
    "mapIdentities": false,
    "signResponse": true,
    "signatureAlgorithm": "rsa-sha256",
    "digestAlgorithm": "sha256",
    "typedAttributes": true,
    "includeAttributeNameFormat": false,
    "nameIdentifierProbes": [
      "<probe claim URI not preserved in the original post>"
    ],
    "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "AuthnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
  }


Note: You may not need this. I had to split to populate given_name and family_name.

function (user, context, callback) {
  if (context.clientID === '<REDACTED>') {
    // Run for AWS VPN connections only!
    let first = '';
    let last = '';
    // The field name was lost in extraction; user.name is assumed here. Auth0 falls
    // back to the e-mail address for user.name, hence the "@" check before splitting.
    if (user.name && !user.name.includes("@")) {
      [first, last] = user.name.split(" ");
    }
    user.given_name = first;
    user.family_name = last;
    // Map Auth0 profile attributes onto the SAML attribute names AWS Client VPN expects.
    context.samlConfiguration.mappings = {
      "FirstName": "given_name",
      "LastName": "family_name",
      "memberOf": "groups"
    };
  }
  callback(null, user, context);
}
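The rule above splits on the first space, so a display name with a middle name or a multi-word surname ("Ana Maria de Souza") ends up as FirstName "Ana", LastName "Maria", and a single-token name leaves family_name undefined. Below is an added example, not the poster's rule or Auth0's code, that keeps the same mapping (FirstName, LastName, memberOf) but derives the names in a pure, testable function and handles those cases. It assumes the standard Auth0 rule inputs (user.name, user.given_name, user.family_name, user.groups, context.clientID, context.samlConfiguration) and uses a constructed client ID placeholder in place of the redacted one.

```javascript
// Added example: a testable version of the AWS Client VPN SAML rule logic.
// AWS_VPN_CLIENT_ID is a constructed placeholder, not a real Auth0 client ID.
const AWS_VPN_CLIENT_ID = 'CONSTRUCTED-CLIENT-ID';

// Derive given/family names without dropping middle names and without treating
// an e-mail address (Auth0's fallback value for user.name) as a person's name.
function deriveNames(user) {
  // Prefer explicit profile fields when the upstream connection already supplies them.
  if (user.given_name && user.family_name) {
    return { given_name: user.given_name, family_name: user.family_name };
  }
  const name = typeof user.name === 'string' ? user.name.trim() : '';
  if (!name || name.includes('@')) {
    return { given_name: '', family_name: '' };
  }
  const parts = name.split(/\s+/);
  if (parts.length === 1) {
    return { given_name: parts[0], family_name: '' };
  }
  // First token is the given name; everything after it is the family name.
  return { given_name: parts[0], family_name: parts.slice(1).join(' ') };
}

// The rule body as a pure function: returns the updated user and context
// instead of mutating the inputs, so it can be asserted on directly.
function applyAwsVpnSamlRule(user, context) {
  if (context.clientID !== AWS_VPN_CLIENT_ID) {
    // Not the Client VPN application: leave user and context untouched.
    return { user, context };
  }
  const names = deriveNames(user);
  const updatedUser = { ...user, ...names };
  const samlConfiguration = {
    ...(context.samlConfiguration || {}),
    // Same attribute mapping as the original rule; memberOf is what Client VPN
    // group-based authorization rules evaluate.
    mappings: {
      FirstName: 'given_name',
      LastName: 'family_name',
      memberOf: 'groups',
    },
  };
  return { user: updatedUser, context: { ...context, samlConfiguration } };
}

// Auth0 rule signature: wraps the pure function and hands results to the callback.
function rule(user, context, callback) {
  const result = applyAwsVpnSamlRule(user, context);
  callback(null, result.user, result.context);
}

// Constructed sample run (not real user data).
const sampleUser = { name: 'Ana Maria de Souza', groups: ['vpn-engineering'] };
const sampleContext = { clientID: AWS_VPN_CLIENT_ID, samlConfiguration: {} };
rule(sampleUser, sampleContext, (err, u, c) => {
  if (err) throw err;
  console.log(u.given_name, '|', u.family_name, '|', c.samlConfiguration.mappings.memberOf);
});
```

Keeping the name derivation separate from the Auth0 callback shape is what makes the edge cases (e-mail fallback, single-token names, multi-word surnames) easy to cover with unit tests before the rule is deployed.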

Hi bmcmanus,

Thanks for posting this!

Best Regards,


Teamwork makes the dreamwork!
