I’ve configured SAML authentication and something is not what I was expecting, so here’s a recap of the flow:
- the user lands on the Auth0 login page and is redirected to my IdP (in this test case it is Azure, but in the future I’ll also need to configure SiteMinder)
- the user correctly logs into Azure and the SAML response is then sent to Auth0
- Auth0 correctly creates the user with the information retrieved from the SAMLResponse
- the flow ends with a final redirect to my redirect_uri, appending a CODE parameter to the URL’s query string.
(From my experience, I think that the given CODE can be useful to retrieve a token that can help me retrieve the connected user’s info)
Now the question is:
How can I retrieve, from my redirect URI location (my server), the user who went through this flow? It seems that the CODE parameter is totally useless, but please let me know.
I also know that if I use my server as the ACS and then configure that URL in my IdP, I’ll receive the SAMLResponse and can decode it, but this solution is a bit messy.
Thanks a lot.
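
An added example, not part of the original post: the `code` appended to the redirect is an OAuth 2.0 authorization code, which the server exchanges at Auth0's `/oauth/token` endpoint for tokens and then presents to `/userinfo` to identify the user. The tenant domain, client ID, redirect URI and the use of a `state` parameter are assumptions (placeholders), and the sketch builds the requests without sending them.

```python
import hmac
import urllib.parse
import urllib.request

# Assumed placeholders, not values from the post.
AUTH0_DOMAIN = "example-tenant.auth0.com"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://app.example.com/callback"


def parse_callback(callback_url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    # state ties the callback to the login this session started (CSRF defence);
    # compare in constant time against the value stored in the session.
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("missing or duplicated code")
    return codes[0]


def build_token_request(code, client_secret):
    """Back-channel POST that exchanges the one-time code for tokens."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "client_secret": client_secret,  # stays on the server, never in the browser
        "code": code,
        "redirect_uri": REDIRECT_URI,    # must match the one used at login
    }).encode()
    return urllib.request.Request(
        f"https://{AUTH0_DOMAIN}/oauth/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def build_userinfo_request(access_token):
    """GET that returns the profile of the user who completed the flow."""
    return urllib.request.Request(
        f"https://{AUTH0_DOMAIN}/userinfo",
        headers={"Authorization": "Bearer " + access_token})
```

Sending each request with `urllib.request.urlopen` returns JSON: the token response carries `access_token`, which is the value passed to `build_userinfo_request`.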