How to Handle Inconsistent SAML IdP Responses when Auth0 Is Acting as a Service Provider

Overview

When a SAML IdP is not consistent in the naming convention it uses for attributes in its SAML responses (for example, sending FirstName for one user and firstName for another), the attribute is stored under a different name from user to user, which makes it hard to reference reliably in an Action.

Applies To

  • Actions SAML mapping

Solution

Use an array in the SAML connection's mapping settings to list all possible variations of a given attribute name sent by the SAML IdP. For example, the mapping below handles the case where the casing of the attribute name is inconsistent:

{
  "given_name": [
    "FirstName",
    "firstName"
  ],
  "family_name": [
    "LastName",
    "lastName"
  ]
}

Auth0 looks for the first element of the array within the SAML response. If it is not found, Auth0 moves on to the next element and continues until a match is found or there are no more elements to search for. The first match wins, so list the most common variant first.

Unmapped attributes will be added to the root of the user’s profile with the same name that the SAML IdP passed.

Now, when an Action needs to read, for example, the user's first name, it can use event.user.given_name and reliably pick up the attribute value regardless of which variant the IdP sent.
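The following is an added example, not Auth0's own code, that simulates the first-match resolution described above and shows an Action reading the resulting canonical field. It assumes the SAML attribute statement has already been extracted into a plain object of attribute name to value, and it treats only the matched attribute name as consumed by the mapping (an assumption about which names count as "mapped"); everything else is copied to the profile root unchanged, as the article states.

```javascript
// Added example (not Auth0's code). Simulates array-valued SAML attribute
// mapping: for each profile field, walk the candidate IdP attribute names
// in order and take the first one present in the assertion.

// Constructed mapping, same shape as the connection's mapping setting.
const MAPPING = {
  given_name: ["FirstName", "firstName"],
  family_name: ["LastName", "lastName"],
};

// Resolve one profile field. `candidates` may be a single name or an array;
// the first candidate present in `attributes` wins. Returns undefined when
// none of the candidates is present.
function resolveAttribute(attributes, candidates) {
  const names = Array.isArray(candidates) ? candidates : [candidates];
  for (const name of names) {
    if (Object.prototype.hasOwnProperty.call(attributes, name)) {
      return { name, value: attributes[name] };
    }
  }
  return undefined;
}

// Build the user profile from the assertion attributes: mapped fields go
// under their canonical names; any attribute not consumed by the mapping is
// copied to the profile root under the name the IdP passed (assumption:
// only the matched candidate name counts as consumed).
function buildProfile(attributes, mapping) {
  const profile = {};
  const consumed = new Set();
  for (const [field, candidates] of Object.entries(mapping)) {
    const hit = resolveAttribute(attributes, candidates);
    if (hit !== undefined) {
      profile[field] = hit.value;
      consumed.add(hit.name);
    }
  }
  for (const [name, value] of Object.entries(attributes)) {
    if (!consumed.has(name)) {
      profile[name] = value;
    }
  }
  return profile;
}

// Minimal stand-in for a post-login Action that reads the canonical field.
// Assumes the event shape event.user.<field>; returns the value it would use.
function firstNameFromEvent(event) {
  return event.user.given_name;
}

// Constructed assertions from two users of the same IdP, differing in casing.
const ASSERTION_PASCAL = { FirstName: "Ada", LastName: "Lovelace", department: "R&D" };
const ASSERTION_CAMEL = { firstName: "Alan", lastName: "Turing" };

// Stand-alone demonstration.
for (const attrs of [ASSERTION_PASCAL, ASSERTION_CAMEL]) {
  const user = buildProfile(attrs, MAPPING);
  console.log(JSON.stringify(user), "->", firstNameFromEvent({ user }));
}
```

Both constructed users end up with given_name and family_name populated, and the unmapped department attribute survives at the profile root, so Action code only ever needs to read event.user.given_name.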