Help with configuration of AWS Client VPN with SAML

Hi guys,

Has anyone had any luck configuring it? I've taken a look at this: Authenticate AWS Client VPN users with SAML | Networking & Content Delivery, and configured the AWS side; however, I'm unsure of where to go when configuring an app within Auth0 itself.

Any pointers would be helpful!

Thanks,
Richard

Hi @richard.dabreo,

You’re in luck - after much trial and error, I was finally able to get this working yesterday. I hope this helps!

Application Callback URL:

http://127.0.0.1:35001

SAML Settings:

{
  "audience": "urn:amazon:webservices:clientvpn",
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "signResponse": true,
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "typedAttributes": true,
  "includeAttributeNameFormat": false,
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "AuthnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
}

Rule:

Note: You may not need this. I had to split user.name to populate given_name and family_name.

function (user, context, callback) {
  if (context.clientID === '<REDACTED>') {
    // Run for AWS VPN connections only!
    let first = '';
    let last = '';
    // Only split display names; skip values that are really email addresses
    if (user.name && !user.name.includes("@")) {
      const parts = user.name.trim().split(/\s+/);
      first = parts[0];
      // Everything after the first word goes into family_name, so middle names
      // are kept and a single-word name leaves last as '' instead of undefined
      last = parts.slice(1).join(" ");
    }
    user.given_name = first;
    user.family_name = last;
    // Map Auth0 user properties onto the attribute names AWS Client VPN expects
    context.samlConfiguration.mappings = {
      "FirstName": "given_name",
      "LastName": "family_name",
      "memberOf": "groups" // user.groups must be populated (e.g. from app_metadata) for this to carry a value
    };
  }
  callback(null, user, context);
}
3 Likes
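Once the Auth0 application is configured as in the reply above, it is worth checking the assertion Auth0 actually sends to the VPN client before debugging the AWS side. The script below is an added example, not code from the original post or from Auth0/AWS: it decodes a base64 SAMLResponse and checks it against the values from the settings above (audience `urn:amazon:webservices:clientvpn`, email-format NameID, a signed response, the `FirstName`/`LastName`/`memberOf` attributes, and the `http://127.0.0.1:35001` callback as Destination). The sample response it builds is constructed for the demonstration; the signature is only checked for presence, not verified cryptographically, since the VPN endpoint does that against the IdP certificate.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Values taken from the SAML settings and callback URL in the reply above.
EXPECTED_AUDIENCE = "urn:amazon:webservices:clientvpn"
EXPECTED_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EXPECTED_DESTINATION = "http://127.0.0.1:35001"
REQUIRED_ATTRIBUTES = ("FirstName", "LastName", "memberOf")


def check_saml_response(b64_response):
    """Decode a base64 SAMLResponse and return a list of findings (empty means OK).

    Structural checks only: ds:Signature is checked for presence, not verified.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element in response"]

    # signResponse: true in the Auth0 settings -> the Response itself is signed
    if root.find("ds:Signature", NS) is None:
        findings.append("response is not signed (signResponse should be true)")

    dest = root.get("Destination")
    if dest is not None and dest != EXPECTED_DESTINATION:
        findings.append(f"Destination is {dest!r}, expected {EXPECTED_DESTINATION!r}")

    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != EXPECTED_AUDIENCE:
        findings.append(f"audience is {audience!r}, expected {EXPECTED_AUDIENCE!r}")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        findings.append("no NameID in subject")
    else:
        fmt = name_id.get("Format")
        if fmt != EXPECTED_NAMEID_FORMAT:
            findings.append(f"NameID format is {fmt!r}, expected {EXPECTED_NAMEID_FORMAT!r}")
        if "@" not in (name_id.text or ""):
            findings.append("NameID is not an email address")

    # Collect attribute values; an attribute with no non-empty value is flagged
    present = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        present[attr.get("Name")] = [
            v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    for name in REQUIRED_ATTRIBUTES:
        if name not in present:
            findings.append(f"missing attribute {name}")
        elif not any(v.strip() for v in present[name]):
            findings.append(f"attribute {name} is present but empty")
    return findings


def build_sample_response(audience=EXPECTED_AUDIENCE, signed=True,
                          first="Jane", last="Doe", groups=("vpn-users",)):
    """Constructed sample SAMLResponse (not a captured one) for exercising the checker."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>') if signed else ""
    group_values = "".join(
        f'<saml:AttributeValue xsi:type="xs:string">{g}</saml:AttributeValue>' for g in groups)
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    Destination="{EXPECTED_DESTINATION}">
  {sig}
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="{EXPECTED_NAMEID_FORMAT}">jane.doe@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"><saml:AttributeValue xsi:type="xs:string">{first}</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue xsi:type="xs:string">{last}</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="memberOf">{group_values}</saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print("good response:", check_saml_response(build_sample_response()))
    print("wrong audience:", check_saml_response(build_sample_response(audience="urn:example:other")))
    print("no groups:", check_saml_response(build_sample_response(groups=())))
```

To use it on a real login, copy the base64 `SAMLResponse` form field from the browser's network tab during the VPN sign-in and pass it to `check_saml_response`; an empty `memberOf` finding usually means `user.groups` was never populated for the rule's mapping to pick up.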

Hi bmcmanus,

Thanks for posting this!

Best Regards,

Richard

Teamwork makes the dreamwork!
