One of our clients will authenticate their users internally into an intranet, and once the user is authenticated will send out a SAML token.
We want to know if there’s a way to set up Auth0 as the receptor of that SAML token, validate it, and call the login callback endpoint in our client application passing a JWT. Basically, use the SAML token as the user credentials.
What you describe sounds like an IDP-Initiated SSO scenario. You should read more about this in the following documentation page section: SAML Configuration
In summary, that would be achievable with the following general steps:
- You configure a SAML connection in accordance with the SAML assertion that will be sent by your client.
- You configure the previous connection to support IDP-Initiated login; this would include specifying the client application to which the user would ultimately be redirected and also which authentication protocol should be used.
- You would ensure that your client IDP includes the connection parameter (with the name of the connection you configured) in the ACS (Assertion Consumer Service) URL; this would be the URL where your client would send the SAML token/assertion.
You should read the available documentation on SAML configuration for all the details.
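As an added illustration (not part of the answer above, and not Auth0's own code), the following Python script shows what "validate the SAML token" means on the receiving side of an IdP-initiated flow: the assertion arrives unsolicited, so there is no request ID to match, and the checks that remain (Destination and bearer Recipient equal to the exact ACS URL including the `connection` parameter, trusted issuer, Success status, audience, validity window, and a present signature) are what stops a stray assertion from being replayed against another connection or application. The tenant name, connection name, ACS URL form, audience value and IdP URL are assumptions, and the SAML Response is a constructed sample; signature verification itself needs an XML-DSig library and the IdP's signing certificate, so here only the presence of a signature is checked.

```python
"""Checks an SP applies to an unsolicited (IdP-initiated) SAML Response.
Example code; names below are hypothetical, not a real tenant or IdP."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Assumed SP-side configuration (hypothetical values).
CONNECTION_NAME = "acme-intranet-saml"
ACS_URL = f"https://example-tenant.auth0.com/login/callback?connection={CONNECTION_NAME}"
AUDIENCE = "urn:auth0:example-tenant:acme-intranet-saml"
TRUSTED_ISSUER = "https://intranet.acme.example/idp"
CLOCK_SKEW = timedelta(minutes=2)


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_sample_response(now, *, issuer=TRUSTED_ISSUER, destination=ACS_URL,
                          audience=AUDIENCE, signed=True):
    """Constructed sample of an unsolicited Response, base64-encoded as the
    HTTP-POST binding delivers it in the SAMLResponse form field."""
    signature = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                 '<ds:SignatureValue>ZHVtbXk=</ds:SignatureValue></ds:Signature>'
                 if signed else '')
    later = _ts(now + timedelta(minutes=5))
    xml = f'''<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"
  ID="_resp1" Version="2.0" IssueInstant="{_ts(now)}" Destination="{destination}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{_ts(now)}">
    <saml:Issuer>{issuer}</saml:Issuer>{signature}
    <saml:Subject>
      <saml:NameID>jdoe@acme.example</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{destination}" NotOnOrAfter="{later}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="{_ts(now - timedelta(minutes=1))}" NotOnOrAfter="{later}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>'''
    return base64.b64encode(xml.encode()).decode()


def validate_idp_initiated_response(saml_response_b64, now):
    """Return (ok, errors, name_id). Signature *verification* against the IdP's
    configured certificate is also mandatory but needs an XML-DSig library;
    only the presence of a Signature element is checked here."""
    errors = []
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{NS['samlp']}}}Response":
        return False, ["not a samlp:Response"], None
    # IdP-initiated: the SP sent no AuthnRequest, so there is nothing to match.
    if root.get("InResponseTo"):
        errors.append("unsolicited response must not carry InResponseTo")
    # Destination must be the exact ACS URL, connection parameter included,
    # so an assertion cannot be redirected at a different connection.
    destination = root.get("Destination", "")
    if destination != ACS_URL:
        errors.append(f"Destination {destination!r} is not our ACS URL")
    if parse_qs(urlparse(destination).query).get("connection") != [CONNECTION_NAME]:
        errors.append("ACS URL lacks the expected connection parameter")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        errors.append("status is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        errors.append("no Assertion in Response")
        return False, errors, None
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != TRUSTED_ISSUER:
        errors.append("assertion issuer is not the configured IdP")
    if assertion.find("ds:Signature", NS) is None:
        errors.append("assertion is not signed")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        errors.append("no Conditions element")
    else:
        if now + CLOCK_SKEW < _parse(cond.get("NotBefore")):
            errors.append("assertion not yet valid")
        if now - CLOCK_SKEW >= _parse(cond.get("NotOnOrAfter")):
            errors.append("assertion expired")
        if cond.findtext("saml:AudienceRestriction/saml:Audience", default="", namespaces=NS) != AUDIENCE:
            errors.append("audience mismatch")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        errors.append("bearer Recipient is not our ACS URL")
    elif now - CLOCK_SKEW >= _parse(scd.get("NotOnOrAfter")):
        errors.append("bearer confirmation expired")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return not errors, errors, name_id
```

Run `validate_idp_initiated_response(build_sample_response(now), now)` to see the happy path; changing the Destination to the bare callback URL (no `connection` parameter) or validating an hour later makes the same assertion fail, which is the behaviour to expect from the configured connection.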