SAML - how to map the Auth0 name with the SAML attribute

Hi,

I’ve configured an Enterprise connection via SAML. In the mapping I put:

{
  "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
  "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
  "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
  "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
}

when the SAML attributes are:

<Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
  XXX
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
  XXX
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
  XXX
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
  xxx@xxx.com
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
  xxx@xxx.com
</Attribute>
</AttributeStatement>

Whatever I put for the attribute “name” for Auth0, the user is always created with name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Every other variable has the correct value (given_name, email, …)

Can you help me force another value than “name” for the name?

Thx

Hello!

That’s a very specific issue. Auth0’s SAML configuration has a hardcoded mapping where the name attribute will always be sourced from the claim, regardless of your other attribute mappings. Since this behavior cannot be changed directly, the best solution is to use a Rule in Auth0. By creating a simple JavaScript rule, you can post-process the user profile after authentication and overwrite the name attribute with a custom value, such as a combination of given_name and family_name, giving you the control you need.
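One way to write the Rule suggested in the answer above, as an added example that is not from the thread or from Auth0. It uses the Rules `function (user, context, callback)` shape; the connection name `my-saml-connection`, the function names and the sample profile are assumptions.

```javascript
// Added example, not Auth0's or the poster's code. In the Rules editor the
// function is pasted anonymously; it is named here so it can be run locally.

// Assumption: placeholder connection name, replace with your SAML connection.
const SAML_CONNECTION = 'my-saml-connection';

// Accept only strings and strip surrounding whitespace.
function clean(value) {
  return typeof value === 'string' ? value.trim() : '';
}

// Build "given family" from the mapped attributes; null if both are missing.
function buildDisplayName(user) {
  const parts = [clean(user.given_name), clean(user.family_name)].filter(Boolean);
  return parts.length > 0 ? parts.join(' ') : null;
}

function overrideSamlName(user, context, callback) {
  // Leave users of every other connection untouched.
  if (context.connectionStrategy !== 'samlp' || context.connection !== SAML_CONNECTION) {
    return callback(null, user, context);
  }
  const displayName = buildDisplayName(user);
  // If the IdP sent neither attribute, keep the existing name instead of
  // writing an empty string or "undefined undefined".
  if (displayName) {
    user.name = displayName;
  }
  return callback(null, user, context);
}

// Constructed sample profile mirroring the thread: name arrives as the
// e-mail address while given_name and family_name are mapped correctly.
function demo() {
  const user = {
    name: 'xxx@xxx.com',
    email: 'xxx@xxx.com',
    given_name: 'Ada',
    family_name: 'Lovelace'
  };
  const context = { connectionStrategy: 'samlp', connection: SAML_CONNECTION };
  let result = null;
  overrideSamlName(user, context, (err, u) => { result = err ? null : u; });
  return result.name;
}

console.log(demo());
```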

Got it! I’ll try to do this with a rule.

Thank you for your answer!