Setting up a new SSO with JFrog Artifactory/Bintray

Hi,
Trying to set up Auth0 as the identity provider for my Artifactory server (JFrog Artifactory) and Bintray (and potentially other apps).

I have managed to set both Auth0 and Artifactory up so Artifactory redirects to Auth0 for authentication and Auth0 sends a response back after authentication was successful.

This setup, however, is failing at the last stage of the authentication: it does not auto-create users on Artifactory because of the following error.

From the system logs I could see Auth0 sent user_id as

auth0|5d3008e58405d70dcd90779b

But Artifactory failed to create user at

2019-07-21 22:20:20,515 [http-nio-8083-exec-3] [ERROR] (o.a.s.SecurityServiceImpl:1552) - Auto-Creation of 'auth0|5d3008e58405d70dcc90778b' has failed, Illegal name character: '|' at index 5: auth0|5d3008e58405d70dcc90778b

Now I am wondering: can I configure Auth0 to not send “auth0|” and send just the user id?

Any help is appreciated!
Tony

Hi @tony.kuo,

How do you connect Artifactory with Auth0? Is that configured as a SAML2 connection or OAuth2/OpenID Connect?

And one question about the connections used within Auth0: do you only use one single database connection, or any other federated connections (i.e. social, Google, Facebook)?

Hi @mathiasconradt:
I am using SAML2. I have not tried OAuth2, partly because Bintray does not support it IIRC.

The database connection is the username-password one which comes by default. That’s what I need for now.

SAML is fine. There is no way to change the user_id format that Auth0 uses.

But this might be a possible workaround, especially when only using one database connection (so there should not be any collisions with this approach).

(1)
You can use a Rule to first fetch the user.user_id, cut off the auth| part or just remove the | and store this adjusted value as an app_metadata attribute on the user. This could then be an attribute sitting under: user.app_metadata.uid for example

(2)
Next, use this user.app_metadata.uid to map it to the

  context.samlConfiguration.mappings = {
     "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "app_metadata.uid",
     // ...
  };

Here are the related docs:

Also related:

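The two steps from the reply above, combined into one Rule. This is an added example, not code posted in this thread; `toSamlUid`, `mapSamlNameId`, the `SAFE_UID` allow-list and the `auth0` stand-in are assumptions. It goes one step further than the reply by keeping the provider prefix for ids that do not come from the database connection, so the collision concern mentioned above is handled if a social connection is added later.

```javascript
// Stand-in for the `auth0` global that the Rules runtime injects, so this file
// also runs offline; leave it out when pasting the function into a Rule.
const auth0 = globalThis.auth0 || {
  users: { updateAppMetadata: () => Promise.resolve() }
};

const NAME_ID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
// Assumed allow-list for the service provider's user names; the only character
// the Artifactory log on this page confirms as illegal is '|'.
const SAFE_UID = /^[A-Za-z0-9._-]+$/;

// "auth0|abc" -> "abc". Ids from any other connection keep their provider in
// the name ("google-oauth2|1" -> "google-oauth2_1") to avoid collisions
// between connections.
function toSamlUid(userId) {
  const sep = userId.indexOf("|");
  const provider = userId.slice(0, sep);
  const id = userId.slice(sep + 1);
  const uid = provider === "auth0" ? id : provider + "_" + id.replace(/\|/g, "_");
  if (sep < 1 || !SAFE_UID.test(uid)) {
    throw new Error("cannot derive a safe NameID from user_id");
  }
  return uid;
}

function mapSamlNameId(user, context, callback) {
  let uid;
  try {
    uid = toSamlUid(user.user_id);
  } catch (err) {
    return callback(err); // fail the login rather than send an unusable NameID
  }
  user.app_metadata = user.app_metadata || {};
  user.app_metadata.uid = uid;
  context.samlConfiguration = context.samlConfiguration || {};
  // Merge instead of overwrite so mappings set by earlier Rules survive.
  context.samlConfiguration.mappings = Object.assign(
    {}, context.samlConfiguration.mappings, { [NAME_ID]: "app_metadata.uid" });
  // Persist the derived value so it is also visible on the stored profile.
  auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
    .then(() => callback(null, user, context))
    .catch(callback);
}
```
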

Thanks! @mathiasconradt!
That’s very helpful!
