SAML Mapping issues - nested JSON mapping possible?

Just created a SAML connection, and the users are logging in and showing up as Empty (empty) in the user logs. Namely, I want the email attribute, which is missing.

I realize this is probably a SAML attribute mapping issue, so I follow the guides that mention SAML attribute mapping. I look at one user’s raw JSON:

{
    "authenticationmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    "created_at": "yyyy-mm-dd...",
    "identities": [
        {
            "user_id": "connection_name|abc@example.com",
            "provider": "samlp",
            "connection": "connection_name",
            "isSocial": false
        }
    ],
    "issuer": "...",
    "name": "",
    "nameIdAttributes": {
        "value": "abc@example.com",
        "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    },
    "nickname": "",
    "picture": "https://cdn.auth0.com/avatars/default.png",
    "sessionIndex": "...",
    "updated_at": "2020-11-17T00:57:27.908Z",
    "user_id": "samlp|connection_name|abc@example.com",
    ...
}

So what I think I want to do is to add a custom mapping to the saml connection. The email attribute is at nameIdAttributes[value], so I try to put the following in the mapping json:

{
  "email": "nameIdAttributes"["value"]
}

But the editor won’t allow me to save as it’s not valid JSON. Is there another way to get the email attribute? I see that it’s also part of the user_id (“abc@example.com”) - is there a way to get the email out of the user_id?

Would appreciate any pointers here! Thanks.

Hey @julienc,

The SAML mapping comes from the SAML response sent to Auth0 by the SAML IDP, if you capture a HAR file ( https://auth0.com/docs/troubleshoot/har) we can see the SAML response, in the SAML response we should be able to see the SAML attributes sent by the IDP, the attribute which contains the email can be mapped with the “email” attribute. Users raw JSON will not reflect the attribute correctly.

Can you DM me the HAR file, I can have a look for you as well.

Thanks,
Sid

1 Like

Hey Sid,

Thanks for the reply. Will take a look at the HAR file and DM you if I can’t figure that out…

Thanks!

1 Like

Sure, let me know if you face any hiccups!

Was there a solution? I’m running into this exact same problem.