Just created a SAML connection, and the users are logging in and showing up as Empty (empty) in the user logs. Namely, I want the email attribute, which is missing.
I realize this is probably a SAML attribute mapping issue, so I follow the guides that mention SAML attribute mapping. I look at one user’s raw JSON:
So what I think I want to do is to add a custom mapping to the SAML connection. The email attribute is at nameIdAttributes[value], so I try to put the following in the mapping JSON:
{
"email": "nameIdAttributes"["value"]
}
But the editor won’t allow me to save as it’s not valid JSON. Is there another way to get the email attribute? I see that it’s also part of the user_id (“abc@example.com”) - is there a way to get the email out of the user_id?
The SAML mapping comes from the SAML response sent to Auth0 by the SAML IdP. If you capture a HAR file (Generate and Analyze HAR Files), we can see the SAML response, and in it we should be able to see the SAML attributes sent by the IdP. The attribute which contains the email can be mapped to the “email” attribute. The user's raw JSON will not reflect the attribute correctly.
Can you DM me the HAR file? I can have a look for you as well.
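The inspection described in this reply, as an added example that is not part of the original thread: it pulls the `SAMLResponse` form value out of a parsed HAR capture and lists the NameID and attribute names the IdP actually sent, which are the values a mapping has to reference. The function names, the sample HAR and the sample response are constructed for illustration; a real capture would be loaded with `json.load`.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def saml_responses_from_har(har):
    """Yield decoded SAMLResponse XML from form POSTs in a parsed HAR (json.load output)."""
    for entry in har.get("log", {}).get("entries", []):
        post = entry.get("request", {}).get("postData") or {}
        for param in post.get("params") or []:
            if param.get("name") == "SAMLResponse":
                # Some browsers leave the form value percent-encoded in the HAR.
                value = unquote(param.get("value", ""))
                yield base64.b64decode(value).decode("utf-8")

def idp_profile(xml_text):
    """Return the NameID and each Attribute Name -> values the IdP sent."""
    # ElementTree is fine for your own capture; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    return {
        "name_id": (name_id.text or "").strip() if name_id is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "attributes": attributes,
        # An encrypted assertion hides NameID and attributes from a browser capture.
        "encrypted": root.find(".//saml:EncryptedAssertion", NS) is not None,
    }

# Constructed sample: the email travels only in NameID, with no "email" attribute.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:Subject>'
    '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
    'abc@example.com</saml:NameID></saml:Subject><saml:AttributeStatement>'
    '<saml:Attribute Name="displayName"><saml:AttributeValue>A B</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE_HAR = {"log": {"entries": [{"request": {"method": "POST", "postData": {"params": [
    {"name": "SAMLResponse", "value": base64.b64encode(SAMPLE_XML.encode()).decode()}]}}}]}}

if __name__ == "__main__":
    for xml_text in saml_responses_from_har(SAMPLE_HAR):
        print(idp_profile(xml_text))
```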
Hey @julienc, yes, the HAR file requires the user to record the HTTP network trace in their browser.
Another way to see the original profile returned by the SAML IdP for a particular SAML connection is to enable Debug Mode on the SAML connection.
Connections → Enterprise → SAML → Your SAML connection → Settings → Debug Mode toggle ON
Once you do that, every time the user logs in using the SAML connection, you will see a log with a Warning label (Type: w) in your tenant logs, which will show the original profile returned.
Given the above, if I want to match the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier to user_name and user_email, do I just go to the connection’s Mapping section and add: