Logins Fail for Particular Connection when Actions are Enabled with Error "cannot unmarshal string"

rueben.tiow · May 16, 2023, 5:45pm

Last Updated: Dec 6, 2024

Overview

Users from one SAML connection are not able to log in. The following error is present in the logs:

json: cannot unmarshal string into Go struct field .event.user.userMetadata of type map[string]interface {}

When actions are disabled, the users can log in.

Applies To

Actions
SAML Connection

Cause

It is important that the field “user_metadata” is not passed by an external IdP. When Auth0 maps user_metadata from a SAML attribute, it converts an object into a string, which can cause this issue.

Solution

Impacted users will need their user_metadata cleared once this is resolved before Actions can function for those users, or if it cannot be resolved on the IdP’s side, turn off profile sync on the connection and clear metadata for all existing users and future users.

Metadata should only be managed by Rules/Actions, Authentication API, Management API, Tenant Dashboard, or the Lock Library.

Related References

Understand How Metadata Works in User Profiles

Topic		Replies	Views
Setting AppMetadata via Action after SAML Authentication Help connections , saml-enterprise-connection	8	1791	January 8, 2024
Cannot Access Mapped SAML Properties inside Custom Action Help saml , rules , auth0-flows	6	5158	January 5, 2022
Map SAML attributes to user_metadata attributes via action Help identifier-first , login-experience	3	1630	September 26, 2024
Actions not working for SAML2 application settings (mapping) as rules Help login-experience , new-universal-login-experience	2	1173	February 22, 2024
Post-login event object is missing several of the user fields Help saml , auth0 , rules , login	2	2838	October 13, 2021