SAML attribute mapping rule not working as expected


I currently have SSO federation between two Auth0 tenants as part of a proof-of-concept.

The requirement is to ensure that when a SAML assertion is sent to the SP from the IdP that the data is anonymized to ensure PII data remains at the IdP.

I have read documentation on this subject and the suggestion is to have a rule configured on the IdP to override the SAML mappings with the required data.

I have created a rule and it is enabled. Using the Webtask extension logs I can see that my SAML configuration is augmented in the required way.

However, on the SP side I see that during the user login the original_profile data does not contain the SAML assertion I expect, but looks like the standard SAML assertion.

The result is a user is provisioned in the SP with all the PII, which is not the result I am after.

Does anyone have any pointers or suggestions?

I have managed to figure my issue out with the help of the following FAQ.

How to map saml attributes when auth0 is the idp in the saml2 addon

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.