I am working with my IT department to integrate Auth0 with their Shibboleth IdP SSO software. I am able to log in successfully using the “play” button in the list of SAML enterprise connections, but I get back no user attributes (all fields say “empty”). I spoke to my IT department and they told me that the requests from Auth0 they received are not correctly formatted for them to authorize attribute release, since they authorize attribute releaser by URL, and Auth0 sends the Entity ID “urn:auth0:myorg:conn” instead of a URL (I believe the correct URL would be “https://myorg.auth0.com/login/callback?connection=conn”). For example, in the following log from the Shibboleth IdP:
2018-04-02 08:01:56,824 - INFO [Shibboleth-Audit.SSO:241] - 20180402T120156Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_02fbcadddd306118bad2|urn:auth0:myorg:conn|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://idp.myorg.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_42b9147051399b151d6b1fe3b91297bc|lab5|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport||AAdzZWNyZXQxSU7[...etc]|_9479917446bca8e9775ebf96c183de77|
The Shibboleth IdP expects a URL instead of “urn:auth0:myorg:conn”
Is it possible to configure Auth0 to send the URL directly this way?