Overview
When Auth0 acts as the SAML Identity Provider (IdP), the SAML response it generates at the end of login uses the user's user_id or email as the NameID in the subject. This article explains how to replace that value with a custom one using a Post-Login Action.
Applies To
- Auth0 as a SAML Identity Provider (Using SAML addon)
Solution
To use a value stored in the user's app_metadata as the NameID (the example below reads app_metadata.company_email and exposes it as the NameIdentifier claim), add the following code in a Post-Login Action:
exports.onExecutePostLogin = async (event, api) => {
  // Expose the app_metadata value as the nameidentifier claim.
  // The optional chaining keeps the Action from throwing when the user
  // has no app_metadata at all; the value is then simply undefined.
  api.samlResponse.setAttribute(
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier',
    event.user.app_metadata?.company_email
  );
  // Probe order for the NameID: the custom claim first, then the user's email.
  api.samlResponse.setNameIdentifierProbes([
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
  ]);
};
If the value does not exist in app_metadata, the first probe has no value and the NameID falls back to the user's email (the second probe). It is also possible to specify a fallback directly when calling the setAttribute() function above.
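As an added example (not code from the Auth0 article), the Action above run locally against a constructed mock of the Actions api object, with a resolver that models the probe order the article describes: the first probe with a value becomes the NameID, otherwise the user's email. makeMockApi, resolveNameId and nameIdFor are constructed for this example and are not Auth0's implementation.

```javascript
// Claim URIs used by the article's Action.
const NAMEID_CLAIM = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier';
const EMAIL_CLAIM = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress';

// The Post-Login Action from the article (no explicit fallback, so the
// probe chain decides the NameID when company_email is missing).
const onExecutePostLogin = async (event, api) => {
  api.samlResponse.setAttribute(NAMEID_CLAIM, event.user.app_metadata?.company_email);
  api.samlResponse.setNameIdentifierProbes([NAMEID_CLAIM, EMAIL_CLAIM]);
};

// Constructed stand-in for the Actions `api` object: it only records
// what the Action set so we can inspect it afterwards.
function makeMockApi() {
  const state = { attributes: {}, probes: [] };
  return {
    state,
    samlResponse: {
      setAttribute(name, value) { state.attributes[name] = value; },
      setNameIdentifierProbes(probes) { state.probes = probes; },
    },
  };
}

// Assumed model of the probe semantics: walk the probes in order and use
// the first claim that has a non-empty value; the emailaddress claim is
// treated as mapped to the user's email unless an attribute overrides it.
// If no probe yields a value, fall back to the user's email.
function resolveNameId(state, user) {
  const mapped = { ...state.attributes };
  if (mapped[EMAIL_CLAIM] === undefined) mapped[EMAIL_CLAIM] = user.email;
  for (const probe of state.probes) {
    const v = mapped[probe];
    if (v !== undefined && v !== null && v !== '') return v;
  }
  return user.email;
}

// Run the Action for one user object and return the NameID it would yield.
async function nameIdFor(user) {
  const api = makeMockApi();
  await onExecutePostLogin({ user }, api);
  return resolveNameId(api.state, user);
}

module.exports = { onExecutePostLogin, makeMockApi, resolveNameId, nameIdFor };
```

Running nameIdFor with a user that has app_metadata.company_email returns that value; a user without it (or with no app_metadata at all) gets their email, which is the fallback behaviour the article describes.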