Hello,
I currently have SSO federation between two Auth0 tenants as part of a proof-of-concept.
The requirement is to ensure that when a SAML assertion is sent to the SP from the IdP, the data is anonymized so that PII remains at the IdP.
I have read documentation on this subject and the suggestion is to have a rule configured on the IdP to override the SAML mappings with the required data.
I have created a rule and it is enabled. Using the Webtask extension logs I can see that my SAML configuration is augmented in the required way.
However, on the SP side I see that during the user login the original_profile data does not contain the SAML assertion I expect, but looks like the standard SAML assertion.
The result is that a user is provisioned in the SP with all the PII, which is not the result I am after.
Does anyone have any pointers or suggestions?