I am trying to implement SSO (Single-Sign-On) in my app using auth0. What I want to do is to ask the user for an email address and then redirect them to the email domain provider to sign in without asking for the password. Here the email domain provider can be any of generally available like Google, Microsoft, Apple, or any custom email domain provider (let’s say someone@example.com, here detect example.com’s email domain provider which is google so take him to google for login). After that, the user will sign in to the domain with an email and password. And when he signs in successfully then authenticate the user back on my system.
Auth0 gives support for social logins and custom logins by showing their buttons. All I want to ask users on the first page is for their email address and then detect their email domain provider, redirect them there, and then log the user into it.
Is there any way on auth0 through which this can be achieved? In auth0-react sdk.
Hi @hasan.sarwar , there isn’t a way to do this natively within the auth0-react SDK I’m afraid.
You can pass a connection query string parameter with the /authorize request however to take the user straight to the relevant IdP, so you could request the user’s email and perform the mapping within your app, and then pass the relevant connection value to loginWithRedirect
:
The Universal Login page also supports Home Realm Discovery, but only for Enterprise connections:
Hey @sgo, now i am trying to test the Home Realm Discovery. I tried with google workspace and that worked fine but SAML is causing error. I have configured it with SSOCircle. ATM i have done the certificate and routing parts according to the guide but when the user is redirected after authenticating from SSOCircle to my my local, it is giving me error “error=access_denied&error_description=Invalid%20thumbprint%20(configured%3A%20634AB4651FCA2F623563BE32EDA32DE565219118.%20calculated%3A%20BDEBFBFBA786C2D97F2125274793E32643358E81)”. Can you be so kind and tell me that which part am i missing which is causing this error. And what is the fix for this error.
It sounds like you have an x509 signing certificate mismatch between what you have uploaded to the connection and what is being presented by SSOCircle. The error is indicating that Auth0 is comparing the thumbprints of these certificates and seeing they are different.
I would recommend double-checking which certificate you are uploading to your SAML connection and its format, this should be the SAML IdP’s public certificate they send with their SAML responses.
I’ve tried several times now
1-> downloading the SSOCircleCACertificate from SSOCircle and then uploaded that to x509 signature in SAML of auth0
2-> downloading the metadata from auth0 using my tenant and connection name and then add a new service provider on SSOCircle using that metadata.
3-> Toggling Sign request and repeating above 2 points in alternate order
But still is showing me the same error of invalid thumbprint. I am still not able to figure what the issue here is.
Edit: It worked, what worked is that i made a cert file with public idp Signing and Encryption Certificate and then ran open ssl command to convert it to acceptable format for auth0 (i.e. openssl x509 -in encode64.cer -outform PEM -out encodeSSO.pem). Thanks @sgo
I’m glad to hear that, and thanks for sharing your working for others who might run into the same kind of issue!