IdP Initiated SAML Integration - Empty Response from /userinfo

rueben.tiow · February 6, 2024, 11:14pm

Problem statement

The article explains an IdP-initiated SAML flow where /userinfo returns an empty response.

Symptoms

Using localhost/unverified domain in the callback URL.

Cause

In an IdP-initiated flow, Auth0 servers strip scopes inside a token if the callback URL is an unverified domain. When using an unverified domain for testing, like localhost , as the callback URL, tokens from the /userinfo endpoint return an empty response.

Solution

To get a token response with requested scopes, use a verified domain in the callback URL instead of localhost .

Related Resources

Set up IDP-initiated SSO

Topic		Replies	Views
What is "Unverified Domain" in the Context of SAML IdP-Initiated Flow Knowledge Articles saml2 , idp-initiated	1	83	July 2, 2024
Flow for IDP Initiated SSO/SAML Help saml , idp-initiated	2	4597	December 24, 2018
Problem with IdP-initated SAML login flow Help connections , saml-enterprise-connection	0	892	April 11, 2023
Idp initiated SSO clarification Help sso , sso-integration , idp-initiated	2	4527	August 30, 2019
IdP-Initiated SSO flow question Help saml , sso , idp-initiated	1	3806	March 11, 2020