I have a customer application that is using SAML for SSO. The default SAML response from Auth0 is comprehensive, but unnecessary for the customer, who just needs the SAML NameID and email value. This post from 3 years ago asked the same question, but had no answer. I’ve not been able to find a way to remove all the default claims. I expected overriding the SAML object with a specific mappings object would do so, but it seems those add additional claims.
Some SAML implementations will freak out if you send claims that they do not expect. Is it still the case that you cannot strip out the SAML response claims?
It should be possible to just send the claims you have mapped:
To prevent those attributes not defined in the assertion mappings configuration from being added as assertions, try setting "passthroughClaimsWithNoMapping": false
To prevent the user identity information, e.g. connection, provider, from being added as assertions, try setting "mapIdentities": false
You may also need: "mapUnknownClaimsAsIs": true
You can set those options in dashboard → applications → choose the client as SAML IDP → Addons tab → click SAML2 Web App to open the Settings tab.
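One way to confirm that the settings above took effect is to decode a captured SAMLResponse and compare its attributes with what the service provider expects. This is an added example, not code from the thread or from Auth0; the allowlist, the helper names and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
ALLOWED = {EMAIL}  # assumption: the SP wants NameID plus this one attribute


def audit_response(b64_response, allowed=ALLOWED):
    """Report the NameID and any attribute names outside or missing from `allowed`.

    Inspection aid only: it does not verify the signature, and ElementTree is
    not hardened against hostile XML, so feed it responses from your own tenant.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    name_id = root.findtext(".//saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    seen = {a.get("Name")
            for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": name_id,
            "unexpected": sorted(seen - allowed),
            "missing": sorted(allowed - seen)}


def _sample(attr_names):
    """Build a constructed, unsigned, base64-encoded response for the demo."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue>'
        "</saml:Attribute>" for n in attr_names)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
           "<saml:Assertion><saml:Subject>"
           "<saml:NameID>user@example.com</saml:NameID></saml:Subject>"
           f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


# Constructed samples: one with identity claims still passed through, one trimmed.
PROVIDER = "http://schemas.auth0.com/identities/default/provider"
CONNECTION = "http://schemas.auth0.com/identities/default/connection"
DEFAULT_LIKE = _sample([EMAIL, PROVIDER, CONNECTION])
TRIMMED = _sample([EMAIL])

if __name__ == "__main__":
    for label, resp in (("default-like", DEFAULT_LIKE), ("trimmed", TRIMMED)):
        print(label, audit_response(resp))
```

To check a real login, paste the base64 value of the SAMLResponse form field captured from the browser's network tab in place of the samples.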