SetCustomClaim returns a claim with attribute name containing semicolons instead of dots

I’m trying to return claims to a SAML2-client that include a custom claim “”.
The response returned to the client contain a claim with name containing semicolons like “;example;com/favorite_color” or “https://myapp;example;com/favorite_color”, depending on the mapUnknownClaimsAsIs-setting. Se code and return belove.


  1. How do I set a custom namespaced claim in my onExecutePostLogin-action?
  2. Are there any other settings I need to set on my application?

exports.onExecutePostLogin = async (event, api) => {
const namespace = ‘’;

if (event.authorization) {
// Set claims
api.idToken.setCustomClaim(${namespace}/favorite_color, ‘blue’);

Result (first with mapUnknownClaimsAsIs=true):
<saml:Attribute Name=“https://myapp;example;com/favorite_color” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:uri”>
<saml:AttributeValue xsi:type=“xs:string”>blue</saml:AttributeValue>

<saml:Attribute NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:uri” Name=“;example;com/favorite_color”>
<saml:AttributeValue xsi:type=“xs:string”>blue</saml:AttributeValue>

Hi @ivar.skjoldnes

Welcome to the Auth0 Community.

Actions does not currently support the altering of SAML response mappings as per our docs here

You can use Rules though until Actions reaches parity.

Assume I have the following metadata configured against a user account:

I can add these values into the SAML response that I send out via a rule like this:

function mapSamlAttributes(user, context, callback) {
  context.samlConfiguration.mappings = {

  callback(null, user, context);

This results in the below when I perform a login via SAML using the same user account:

I hope this helps.

Warm regards.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.