Pass Parameters to Custom SAML Identity Providers (IDPs)

Feature: Pass Parameters to Custom SAML Identity Providers (IDPs)

Description: Auth0 can pass dynamic parameters to an Identity Provider during authentication. However, this is not supported for SAML connections.

Use-case: We would like users to be able to log in to our website from a range of SAML IDPs. Since we are required to support a large number of different SAML IDPs, having a separate connection for each IDP is not feasible. Instead, we have introduced a service to sit in between Auth0 and a federation of SAML IDPs. Our service needs to know which IDP in the federation to send a SAML request to, based on an entity ID. However, there is currently no way for us to configure Auth0 to pass this information through to our service when initiating a SAML request. At the moment we are leveraging cookies to make the entity ID available, although this is a little awkward for us since our SAML connection in Auth0 can only be configured with a single sign-in URL. We have therefore had to make sure that whatever cookie we set is set on the same top-level domain as the configured sign-in URL. Since our website is served on multiple TLDs, this means we need to perform some additional redirects prior to calling Auth0’s /authorize endpoint in order to make the entity ID available. It would be really nice if there were some mechanism to pass this information through via Auth0.