SAML SP attribute mapping: overriding default mapping

Using Auth0’s SAML Enterprise connection as a SAML SP, I’m having issues overriding the default claims (attribute) mapping.

I have done the following:

  • Given this truncated attribute statement in the SAML IdP assertion:
    <AttributeStatement>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
        <AttributeValue>Bobby Fisher</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>Jemail@address.com</AttributeValue>
      </Attribute>
    </AttributeStatement>
  • I want the value of http://schemas.microsoft.com/identity/claims/displayname to populate the name field of the Auth0 profile.

  • I have followed the guide on inspecting incoming SAML attributes and found that the serialised details.original_profile property contains:

{
  "sub": "some_user_id",
  "given_name": "",
  "family_name": "",
  "nickname": "",
  "name": "Jemail@address.com",
  "picture": "",
  "updated_at": ""
}
  • In my SAML connection’s attribute mapping section, I’ve configured this:
{
  "name":"http://schemas.microsoft.com/identity/claims/displayname"
}
  • and then checked via API that options.fieldsMap contains:
"fieldsMap": {
  "name": "http://schemas.microsoft.com/identity/claims/displayname"
}

Even with this configuration, the default http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name is being used as the name value in the Auth0 user’s profile.

Is there a way for me to achieve what I want to do?

2 Likes
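
As an added example (not from the original post and not Auth0's implementation), this offline check parses a captured attribute statement and reports, for each profile field, whether an exact-match fieldsMap entry or the default claim would supply the value. The `DEFAULTS` table and the function names are assumptions for illustration; the default source for `name` is inferred from the behaviour the post reports.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the truncated attribute statement quoted in the post.
ASSERTION = """<AttributeStatement>
  <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
    <AttributeValue>Bobby Fisher</AttributeValue>
  </Attribute>
  <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
    <AttributeValue>Jemail@address.com</AttributeValue>
  </Attribute>
</AttributeStatement>"""

FIELDS_MAP = {"name": "http://schemas.microsoft.com/identity/claims/displayname"}
# Assumption: default source for "name", inferred from the behaviour the post reports.
DEFAULTS = {"name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"}


def local(tag):
    """Drop the XML namespace so <saml:Attribute> and <Attribute> both match."""
    return tag.rsplit("}", 1)[-1]


def saml_attributes(xml_text):
    """Return {attribute Name: [values]}; offline inspection only, no signature check."""
    attrs = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "Attribute" and el.get("Name"):
            vals = [(v.text or "").strip() for v in el if local(v.tag) == "AttributeValue"]
            attrs.setdefault(el.get("Name"), []).extend(vals)
    return attrs


def explain_mapping(xml_text, fields_map, defaults):
    """Per profile field: (value, source, attribute name) under exact-match mapping."""
    attrs = saml_attributes(xml_text)
    report = {}
    for field in sorted(set(fields_map) | set(defaults)):
        mapped, default = fields_map.get(field), defaults.get(field)
        if attrs.get(mapped):
            report[field] = (attrs[mapped][0], "fieldsMap", mapped)
        elif attrs.get(default):
            report[field] = (attrs[default][0], "default", default)
        else:
            report[field] = (None, "missing", mapped or default)
    return report


if __name__ == "__main__":
    for field, result in explain_mapping(ASSERTION, FIELDS_MAP, DEFAULTS).items():
        print(field, result)
```

A result tagged `default` for a field that has a fieldsMap entry means the configured attribute name did not match any `Name` in the assertion exactly (case and trailing characters included).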