Overview
Via rules, it is possible to map values from transient user object properties to the SAML response using the SAML addon. Mapping values from the user object is no longer possible with Actions.
Applies To
- Auth0 as SAML IDP
- Mappings
- SAML Addon Mappings.
Cause
Transient user object properties are not mapped to the SAML response in Actions.
Solution
-
To achieve the same result, instead of adding the desired values to the user object, those values have to be added to the ID token as custom claims.
For example:
-
Action’s code:
exports.onExecutePostLogin = async (event, api) => { api.idToken.setCustomClaim('IDTokenClaimName',"Hello!"); };
-
SAML Addon mappings:
{ "mappings": { "IDTokenClaimName": "SAMLResponseAttrName" } }
-
-
Then, the SAML response will include: