Help with configuration of AWS Client VPN with Saml

Hi guys,

Has anyone had anyluck configuring Ive taken a look at this https://aws.amazon.com/blogs/networking-and-content-delivery/authenticate-aws-client-vpn-users-with-saml/ and configured the aws side, however im unsure of where to go when configuring an app within Auth0 itself.

Any pointers would be helpful!

Thanks,
Richard

Hi @richard.dabreo,

You’re in luck - after much trial and error, I was finally able to get this working yesterday. I hope this helps!

Application Callback URL:

http://127.0.0.1:35001

SAML Settings:

{
  "audience": "urn:amazon:webservices:clientvpn",
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "signResponse": true,
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "typedAttributes": true,
  "includeAttributeNameFormat": false,
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "AuthnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
}

Rule:

Note: You may not need this. I had to split user.name to populate given_name and family_name.

function (user, context, callback) {
  if (context.clientID === '<REDACTED>') {
    // Run for AWS VPN connections only!
    let first = '';
    let last = '';
    if (user.name && !user.name.includes("@")) {
      [first, last] = user.name.split(" ");
    }
    user.given_name = first;
    user.family_name = last;
    context.samlConfiguration.mappings = {
      "FirstName": "given_name",
      "LastName": "family_name",
      "memberOf": "groups"
    };
  }
  callback(null, user, context);
}
2 Likes

Hi bmcmanus,

Thanks for posting this!

Best Regards,

Richard

Teamwork makes the dreamwork!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.