We are trying to map the SAML response from a Shibboleth IDP into the Auth0 user profile. Here is the mapping we added to the Auth0 connection:
However, the mapping seems to work on all attributes except “name” as we can see in this user profile where name is still sourced from the email field:
What are we doing wrong?
Hi @lgernovski
Welcome to the Auth0 Community!
I would recommend double-checking on both the IdP’s and Auth0’s side whether the name of the attribute that you wish to use as the user’s name matches exactly, verifying that the IdP does send the value in the SAML Assertion, and attempting the connection with a new user. Due to the chosen format for the attributes, it could be possible there has been a slight misspelling along the way that is causing the issue, as when looking at the shared images, the mappings seem to be correct.
Leaving this documentation here in case it comes in handy:
Let us know if you’ve found a cause on the IdP side, or if this is still ongoing for you.
Best regards,
Gerald
Thanks for the quick response! I’ve enabled the debug mode on the connection and found that the problem is likely caused by the difference in separators. My mapping was using colons (‘:’) in the profile attribute name while the IDP was sending periods (‘.’), that is:
- mapping: “urn:oid:2:16.840:1:113730:3:1:241”
- original profile: “urn:oid:2.16.840.1.113730.3.1.241”
I’ve changed the colons in the mapping to periods and am waiting for the customer to test it (unfortunately, I cannot perform the sign-in on my own).
I am still puzzled, though, as to why the Auth0 profile shows colons for that attribute, as you can see in the image I shared with the original post?
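The separator mismatch found above, as an added example that is not part of the original posts or Auth0's own code: it compares a connection mapping against the attribute names actually present in a SAML assertion and flags entries that differ only in ':' versus '.'. The sample assertion, the mapping shape (profile field to SAML attribute name) and all function names are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample AttributeStatement (not taken from the thread's IdP).
# For real, untrusted responses use a hardened XML parser, not ElementTree.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241">
      <saml:AttributeValue>Jane Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
      <saml:AttributeValue>jane@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Assumed mapping shape: profile field -> SAML attribute name (constructed).
SAMPLE_MAPPING = {
    "name": "urn:oid:2:16.840:1:113730:3:1:241",  # colons, as in the thread
    "email": "urn:oid:0.9.2342.19200300.100.1.3",
    "given_name": "urn:oid:2.5.4.42",  # not sent in the sample
}

def attribute_names(assertion_xml):
    """Return the Name of every Attribute element in the assertion."""
    root = ET.fromstring(assertion_xml)
    return [a.get("Name") for a in root.iterfind(".//saml:Attribute", SAML_NS)]

def separator_key(name):
    """Make names that differ only in ':' versus '.' compare equal."""
    return tuple(re.split(r"[:.]", name))

def check_mapping(mapping, assertion_xml):
    """Map each field to (status, attribute name the IdP actually sent)."""
    sent = {separator_key(n): n for n in attribute_names(assertion_xml)}
    report = {}
    for field, wanted in mapping.items():
        actual = sent.get(separator_key(wanted))
        status = "exact" if actual == wanted else "separator-mismatch"
        report[field] = (status, actual) if actual else ("missing", None)
    return report

if __name__ == "__main__":
    for field, result in check_mapping(SAMPLE_MAPPING, SAMPLE_ASSERTION).items():
        print(field, *result)
```

A `separator-mismatch` result carries the name exactly as the IdP sent it, which is the string the mapping has to contain.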
Hi @lgernovski
I appreciate the update on this and am glad you have found this difference! It is very likely to be the cause of the issue, as everything else seemed to be correctly configured. I will be waiting for your confirmation if this was the root cause of the issue and it’s now solved, or if further assistance would be required from our end.
Have a great one!
Gerald
Thank you, Gerald! This worked indeed! I am still curious about the reason for the separator mismatch mentioned in the previous message. Could you please comment on the reason for the Auth0 profile showing colons in the attribute names where the IDP profile was using periods?
Hi @lgernovski
Thank you for the update, we’re glad to hear this has now been resolved for you (and it was a simple, but easy to miss, fix)!
When creating the integration, these values are usually manually set, therefore I believe that either they were changed during the copy-paste process (it’s possible that a formatting error played a role here and when pasting the value, it got changed without notice - although not related, we’ve previously observed this behaviour when copy-pasting code characters that contained backticks like ` and ’) or, if these were completely manually set, it might have been human error at play.
I do not see a way of these being correctly set, but then being changed by the system, neither on the Auth0 side nor the IdP side. Apart from this, I am glad that the rest of the integration works well for you, as we have seen some isolated issues when integrating with Shibboleth IdP.
Please do not hesitate to reach out to us for any other issues or requests!
Wishing you a great weekend ahead!
Gerald