Map SAML attributes into app_metadata & user_metadata

Feature: Map SAML attributes into app_metadata and user_metadata

Description: When Auth0 is acting as a SAML Service Provider, it can be configured to map attributes from the login response to root-level properties of the user, like email and given_name. However, it is not possible to map attributes into app_metadata or user_metadata. The following error is presented:

Fields with \".\" are not allowed, please remove all dotted fields. Example: options.fieldsMap.user_metadata.some_attribute

Use-case: Our use case is fairly niche and a little involved. In short, we are building a SAML service to sit in between Auth0 and a federation of SAML identity providers (Shibboleth), so that our users can log in with any one of the Identity Providers in the Federation. It works fairly well, but we would like to add the entity ID of the Identity Provider that was used to each user in Auth0, so we can track which Identity Provider each user comes from. At the moment, we are using the workaround presented here to put the entity ID in the app_metadata, but this isn’t ideal.

Hi @jlek,

Welcome to the Auth0 Community!

Thanks for the feature request!