How can I get organizationId in sisense if I use auth0 with SAML 2

I was trying to integrate Auth0 with Sisense using SAML 2. I added two screens to the login so that the user first enters the organization name and then the user credentials and password. Now the issue is that I am not able to get the organization name or ID in Sisense so that I can use some business logic to show/filter dashboards in Sisense using the organizationId. It would be really helpful if someone could tell me how I can get the organizationId while using SAML 2. I tried adding this action.

I tried adding a Post Login action to get the organizationId and send it using the api.idToken.setCustomClaim and api.accessToken.setCustomClaim methods.

Hi @sanjoy.pator,

Welcome to the Auth0 Community!

I understand that you need some help with setting the Organization ID as a custom claim using a Post Login Action.

After reviewing your code snippet and testing this on my side, I managed to get the Organization ID appended to my tokens successfully.

Below is the code snippet I used in my test:

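exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://my-app.example.com';
  // event.organization is only present when the login happens in an organization context
  if (event.authorization && event.organization) {
    // Namespaced and non-namespaced forms of the same claim
    api.accessToken.setCustomClaim(`${namespace}/organizationId`, event.organization.id);
    api.accessToken.setCustomClaim(`organizationId`, event.organization.id);
  }
};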

Please note that custom claims can be appended using namespaced or non-namespaced identifiers.

See the following resources for more details:

I hope this helps!

Please let me know how this goes for you.

Thanks,
Rueben

Since I am using Auth0 with SAML 2 for Sisense, this means that after a user is authenticated, Auth0 sends a SAML response back to Sisense, not ID/Access Tokens. So, instead of adding the organization information as a custom claim to ID/Access Tokens, you’ll just need to add the organization information to the SAML response. You’ll need to do this with a Rule. It’s not supported yet with Actions.

So I tried this:

function addOrgIdToAccessToken(user, context, callback) {
  // This rule adds the organization ID to the SAML response.
  // Debug logging of the rule inputs
  console.log("user log sisense ", user);
  console.log("context log sisense ", context);
  console.log("callback log sisense ", callback);
  console.log("context.organization", context.organization);

  let namespace = "http://clinifyhealth.com";
  //context.accessToken[`${namespace}/org`] = context.organization.id;

  //callback(null, user, context);
  // if available, add organization_id to SAML response
  if (context.organization) {
    // Map the organization's ID, not the whole organization object
    user.org_id = context.organization.id;
    context.samlConfiguration.mappings = {
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/organization_id": "org_id"
    };
  }

  return callback(null, user, context);
}

And after that I got this response:

user log sisense  {
  name: 'jdoe@foobar.com',
  email: 'jdoe@foobar.com',
  user_id: 'auth0|0123456789',
  nickname: 'jdoe',
  picture: 'http://foobar.com/pictures/jdoe.png',
  identities: [
    {
      provider: 'auth0',
      user_id: '0123456789',
      connection: 'Username-Password-Connection',
      isSocial: false
    }
  ],
  persistent: {}
}
context log sisense  {
  clientID: '123456789',
  clientName: 'MyWebApp',
  connection: 'MyDbConn',
  connectionStrategy: 'auth0',
  protocol: 'oidc-basic-profile',
  request: {
    query: { scope: 'openid' },
    body: {},
    userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36',
    ip: 'X.X.X.X',
    geoip: {
      city_name: 'Buenos Aires',
      continent_code: 'SA',
      country_code: 'AR',
      country_code3: 'ARG',
      country_name: 'Argentina',
      latitude: -34.6072,
      longitude: -58.3875,
      subdivision_code: 'C',
      subdivision_name: 'Buenos Aires F.D.',
      time_zone: 'America/Argentina/Buenos_Aires'
    }
  },
  samlConfiguration: {},
  stats: { loginsCount: 5 },
  accessToken: {},
  idToken: {},
  riskAssessment: {
    confidence: 'low',
    version: '1',
    assessments: {
      UntrustedIP: [Object],
      NewDevice: [Object],
      ImpossibleTravel: [Object]
    }
  }
}
callback log sisense  [Function]
context.organization undefined
The profile is: 
{
  "name": "jdoe@foobar.com",
  "email": "jdoe@foobar.com",
  "nickname": "jdoe",
  "picture": "http://foobar.com/pictures/jdoe.png",
  "user_id": "auth0|0123456789",
  "identities": [
    {
      "provider": "auth0",
      "user_id": "0123456789",
      "connection": "Username-Password-Connection",
      "isSocial": false
    }
  ]
}
The rules context is: 
{
  "clientID": "123456789",
  "clientName": "MyWebApp",
  "connection": "MyDbConn",
  "connectionStrategy": "auth0",
  "protocol": "oidc-basic-profile",
  "request": {
    "query": {
      "scope": "openid"
    },
    "body": {},
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36",
    "ip": "X.X.X.X",
    "geoip": {
      "city_name": "Buenos Aires",
      "continent_code": "SA",
      "country_code": "AR",
      "country_code3": "ARG",
      "country_name": "Argentina",
      "latitude": -34.6072,
      "longitude": -58.3875,
      "subdivision_code": "C",
      "subdivision_name": "Buenos Aires F.D.",
      "time_zone": "America/Argentina/Buenos_Aires"
    }
  },
  "samlConfiguration": {},
  "stats": {
    "loginsCount": 5
  },
  "accessToken": {},
  "idToken": {},
  "riskAssessment": {
    "confidence": "low",
    "version": "1",
    "assessments": {
      "UntrustedIP": {
        "confidence": "low",
        "code": "found_on_deny_list",
        "details": {
          "ip": "1.1.1.1",
          "matches": "1.1.1.1/32",
          "source": "STOPFORUMSPAM-1"
        }
      },
      "NewDevice": {
        "confidence": "low",
        "code": "no_match",
        "details": {
          "device": "unknown",
          "useragent": "unknown"
        }
      },
      "ImpossibleTravel": {
        "confidence": "low",
        "code": "impossible_travel_from_last_login"
      }
    }
  }
}

This didn’t work because I don’t have the organization key in my context object. Do you know how I can add the organization key to the context object?
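
As an added example (not part of the original posts, and not Auth0's or Sisense's own code): the logged context above has protocol 'oidc-basic-profile' and no organization key, so the rule below acts only on SAML logins and is run against constructed contexts with and without an organization. Rejecting a SAML login that has no organization is an assumption made here because the attribute is meant to drive dashboard filtering; `addOrgIdToSaml`, `runRule` and all sample values are hypothetical.

```javascript
const ORG_CLAIM =
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/organization_id";

function addOrgIdToSaml(user, context, callback) {
  // Only SAML logins produce a SAML response; leave other protocols untouched.
  if (context.protocol !== "samlp") {
    return callback(null, user, context);
  }
  // Assumption: the service provider filters on this attribute, so a SAML
  // login without an organization is rejected rather than sent without it.
  if (!context.organization || !context.organization.id) {
    return callback(new Error("organization context required for SAML login"));
  }
  user.org_id = context.organization.id;
  context.samlConfiguration = context.samlConfiguration || {};
  // Merge so that mappings set by earlier rules are kept.
  context.samlConfiguration.mappings = Object.assign(
    {}, context.samlConfiguration.mappings, { [ORG_CLAIM]: "org_id" });
  return callback(null, user, context);
}

// Runs the rule once and returns what it passed to the callback.
function runRule(context) {
  const user = { user_id: "auth0|0123456789", email: "jdoe@foobar.com" };
  let result;
  addOrgIdToSaml(user, context, (err, u, c) => {
    result = { error: err ? err.message : null, user: u, context: c };
  });
  return result;
}

// Constructed contexts; the first mirrors the logged one (no organization key).
const EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
const testerContext = { protocol: "oidc-basic-profile", samlConfiguration: {} };
const samlNoOrg = { protocol: "samlp", samlConfiguration: {} };
const samlWithOrg = {
  protocol: "samlp",
  organization: { id: "org_EXAMPLE", name: "example-org" },
  samlConfiguration: { mappings: { [EMAIL_CLAIM]: "email" } },
};

for (const [label, ctx] of Object.entries({ testerContext, samlNoOrg, samlWithOrg })) {
  const r = runRule(ctx);
  console.log(label, r.error || r.context.samlConfiguration.mappings || "no mappings");
}
```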
