Remove Default Claims from SAML response

Hi

I have a customer application that is using SAML for SSO. The default SAML response from Auth0 is comprehensive, but unnecessary for the customer who just needs the SAML NameID and email value. This post from 3 years ago asked the same question, but had no answer. I've not been able to find a way to remove all the default claims. I expected overriding the SAML object with specific mappings object would do so, but it seems those add additional claims.

Some SAML implementations will freak out if you send claims that it does not expect. Is it still the case that you cannot strip out the SAML response claims?

https://community.auth0.com/t/how-to-remove-the-default-saml-assertions-when-sending-the-saml-response-to-some-external-idp/

Hi @niall

Thanks for contacting Auth0 Community.

It should be possible to just send the claims you have mapped:

To prevent those attributes not defined in assertion mappings configuration from being added as assertions, try setting
"passthroughClaimsWithNoMapping": false

To prevent the user identity information, e.g. connection, provider, from being added as assertions, try setting
"mapIdentities": false

You may also need:
"mapUnknownClaimsAsIs": true

You can set those options in dashboard → applications → choose the client as SAML IDP → Addons tab → click SAML2 Web App to open the Settings tab.

More details on this are here:

Warm regards.
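An added example, not Auth0's code or anything from this thread, that shows the trimmed addon settings alongside a check a practitioner would run afterwards: capture the SAML response the application actually receives and verify that only the NameID and the expected attribute survive. The `ADDON_SETTINGS_TRIMMED` dict only mirrors the setting names given in the reply above (its exact shape in the dashboard is assumed), and both SAML documents are constructed samples, not real Auth0 output.

```python
"""Check that a SAML response carries only the attributes the SP expects.

Added example; not Auth0 code. The settings dict assumes the SAML2 Web App
addon accepts the keys named in the reply; the XML below is constructed.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# The single attribute this customer wants; all other claims are noise.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Assumed addon settings: emit only the mapped email claim, drop unmapped
# profile fields and the per-identity connection/provider records.
ADDON_SETTINGS_TRIMMED = {
    "mappings": {"email": EMAIL_CLAIM},
    "passthroughClaimsWithNoMapping": False,
    "mapIdentities": False,
    "mapUnknownClaimsAsIs": True,
    "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

# Constructed sample of the "before" state: extra claims the SP never asked for.
DEFAULT_RESPONSE_XML = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://example.invalid/identities/default/connection">
        <saml:AttributeValue>Username-Password-Authentication</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://example.invalid/identities/default/provider">
        <saml:AttributeValue>auth0</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample of the "after" state: NameID plus the one mapped claim.
TRIMMED_RESPONSE_XML = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _assertion(xml_text):
    """Return the Assertion element, whether given bare or inside a Response."""
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Assertion" % NS["saml"]:
        return root
    node = root.find("saml:Assertion", NS)
    if node is None:
        raise ValueError("no saml:Assertion found")
    return node


def name_id(xml_text):
    """Subject NameID text, or None if the assertion has none."""
    node = _assertion(xml_text).find("saml:Subject/saml:NameID", NS)
    return None if node is None else (node.text or "").strip()


def attribute_names(xml_text):
    """Names of every Attribute in the AttributeStatement, in document order."""
    attrs = _assertion(xml_text).findall("saml:AttributeStatement/saml:Attribute", NS)
    return [a.get("Name") for a in attrs]


def unexpected_attributes(xml_text, allowed):
    """Attribute names present in the response but not in the SP's allow-list."""
    allowed = set(allowed)
    return [name for name in attribute_names(xml_text) if name not in allowed]


if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_RESPONSE_XML), ("trimmed", TRIMMED_RESPONSE_XML)):
        print(label, "NameID:", name_id(doc))
        print(label, "unexpected:", unexpected_attributes(doc, [EMAIL_CLAIM]))
```

To use this against a real deployment, paste the decoded SAMLResponse the application receives (a browser SAML tracer or the application's own logs will show it) in place of the constructed XML and pass the attribute names the SP documents as its allow-list; an empty result from `unexpected_attributes` means the addon settings did what the reply describes.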

Hi Saqib. That’s great information. Thank you for getting back to me. I’ll give that a try now.

That’ll teach me to RTFM :slight_smile: Worked like a charm. I had read those settings through a couple of times and it didn’t register at all.

Many thanks.

