Mapping email in NameID field

Problem Statement

We are currently using Auth0 as our identity provider for all our platforms and are planning to use the same for our new Learning Management System (LMS) to provide a Single Sign On experience. The LMS implementation team has told us we need to map email instead of the user id in the Subject’s NameID field.

So it should look like the following:

<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">test@test.com</saml:NameID>
...redacted
</saml:Subject>

instead of

<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|636172fecba08c63c2accccc</saml:NameID>
...redacted
</saml:Subject>

Solution

By default, the Subject's NameID element carries the user's user id. If it needs to be the user's email instead, you can override it with the nameIdentifierProbes setting in the SAML addon settings.

Here is the minimum sample to implement this use case:

{
  "mappings": {
     "email": "Email"
  },
  "nameIdentifierProbes": [
     "Email"
  ]
}
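The sample works in two steps: "mappings" exposes the profile field email as a SAML attribute named "Email", and "nameIdentifierProbes" tells the addon to fill the NameID from that attribute, falling back to the user id when it has no value. The following Python is an added illustration (not Auth0's code) that models that probe order with the settings above and then parses a Subject element back out to confirm the NameID and its Format, the check an SP integrator would run on a test assertion; the profiles are constructed samples.

```python
import xml.etree.ElementTree as ET

# The SAML addon settings from the article.
SAML_ADDON_SETTINGS = {
    "mappings": {"email": "Email"},
    "nameIdentifierProbes": ["Email"],
}

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
ET.register_namespace("saml", SAML_NS)  # emit the saml: prefix used in the article

# Constructed sample profiles (hypothetical users, not real accounts).
PROFILE_WITH_EMAIL = {"user_id": "auth0|000000000000000000000001", "email": "test@test.com"}
PROFILE_NO_EMAIL = {"user_id": "auth0|000000000000000000000002"}


def map_attributes(profile, settings):
    """Apply "mappings": profile field -> SAML attribute name; empty fields are skipped."""
    return {saml_name: profile[field]
            for field, saml_name in settings["mappings"].items()
            if profile.get(field)}


def resolve_name_id(profile, settings):
    """Model of the probe order: the first probed attribute that has a value becomes
    the NameID; if none does, fall back to the user id that is sent by default."""
    attrs = map_attributes(profile, settings)
    for probe in settings["nameIdentifierProbes"]:
        if attrs.get(probe):
            return attrs[probe]
    return profile["user_id"]


def build_subject(name_id, fmt=UNSPECIFIED):
    """Render a minimal saml:Subject element like the ones shown above."""
    subject = ET.Element(f"{{{SAML_NS}}}Subject")
    node = ET.SubElement(subject, f"{{{SAML_NS}}}NameID", Format=fmt)
    node.text = name_id
    return ET.tostring(subject, encoding="unicode")


def parse_name_id(xml_text):
    """SP-side check: return (NameID value, Format) from a Subject element, or None."""
    node = ET.fromstring(xml_text).find(f"{{{SAML_NS}}}NameID")
    return None if node is None else (node.text, node.get("Format"))
```

Run resolve_name_id against a profile with and without an email to see the probe pick "test@test.com" in the first case and the auth0|... id in the second.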