SSO Design Scenarios and SAML Options

Hello Auth0 Community!

I am working to set up SSO capabilities for my organization into a large number of web apps and have encountered a couple of issues. I am going to start by describing my setup, then what I have tried so far, and finish up with what I am really looking to accomplish.

My setup
I have a Django web app that uses Auth0 to log in. This works perfectly. I have a regular web app defined in Auth0 to accomplish this.

I also have many external APIs my Django app needs to authenticate with in order to query those APIs for data. Those external APIs are not controlled by my organization and require custom SAML configurations for the responses (basically specific field names on the attributes).

What I have tried so far
I have tried adding a rule to my Auth0 app to map the fields. My rule is as follows:

function (user, context, callback) {
  // samlConfiguration is only populated for SAML logins; create it if absent so
  // the rule does not throw for the regular (non-SAML) Django application.
  context.samlConfiguration = context.samlConfiguration || {};

  context.samlConfiguration.signResponse = true;
  context.samlConfiguration.mapUnknownClaimsAsIs = true;
  // Auth0 profile attribute -> SAML attribute name expected by the service provider
  context.samlConfiguration.mappings = {
    "email": "email",
    "nickname": "user_name",
    "given_name": "first_name",
    "family_name": "last_name",
    "groups": "groups"
  };

  callback(null, user, context);
}

I have tried enabling the SAML2 Web App Addon with the following SAML config:

{
  "signResponse": true,
  "mapUnknownClaimsAsIs": true,
  "mappings": {
    "email": "email",
    "nickname": "user_name",
    "given_name": "first_name",
    "family_name": "last_name",
    "groups": "groups"
  }
}

In addition to those options, I did see this solution; however, that would only work for a single SAML API as well (I have 10+ and counting). In addition, my regular Django app does not require a SAML response, so all I had to do there was add my development and production environments to the Allowed Callback URLs on the Auth0 application itself.

What I would like
I have two scenarios I need to support with regard to the external APIs. The first is, I need to be able to navigate to the website for the APIs (the frontend) and use an SSO button on that page. This scenario works when I have the SAML2 Web App Addon enabled, but only for the ONE single API I specify with the Application Callback URL (even when the Auth0 application has all the callback URLs, the SAML response is only modified for the one I specify within the addon config).

The second scenario is that I need my Django app to query the APIs on behalf of a logged in user. I want to authenticate to my app using Auth0 (this works now) and then use that to authenticate to each of the external APIs. This scenario doesn’t work in any of the things I have tried as of right now.

I am hoping someone in the community with a bit more Auth0 knowledge can help me conceptually define what I need to do. It seems I could define a separate Auth0 app for every external API I want to log in to, using the SAML2 Web App on each of those apps. However, that seems counterintuitive to single sign-on. Is there a better way or a ‘right’ way to accomplish the above goals?

Thank you,
Jason
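One way to keep a single rule while serving many SAML service providers, as an added example that is not part of the original post and not Auth0's own code: key the SAML attribute mapping on `context.clientID`, the Auth0 application the user is currently logging into. The example assumes one Auth0 application (with the SAML2 Web App addon enabled) per external service provider, which is what ties a callback URL and SAML settings to an application; the client IDs, the second provider's attribute names, the `SAML_MAPPINGS_BY_CLIENT` table and the `buildSamlConfiguration` helper are all placeholders introduced here. The rule signature and the `context.clientID` / `context.samlConfiguration` fields are the ones Auth0 rules expose.

```javascript
// Added example, not from the original post: one Auth0 rule that applies a
// per-application SAML attribute mapping, selected by context.clientID.
// Assumption: each external service provider is its own Auth0 application with
// the SAML2 Web App addon enabled. Client IDs and attribute names are placeholders.

// Auth0 profile attribute -> SAML attribute name, per application (client ID).
const SAML_MAPPINGS_BY_CLIENT = {
  // Placeholder client ID of the first external API's Auth0 application.
  'CLIENT_ID_OF_SP_A': {
    email: 'email',
    nickname: 'user_name',
    given_name: 'first_name',
    family_name: 'last_name',
    groups: 'groups',
  },
  // Placeholder client ID of a second provider that wants WS-Fed style claim URIs.
  'CLIENT_ID_OF_SP_B': {
    email: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
    given_name: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
    family_name: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
  },
};

// Build the samlConfiguration for one application, or return null when the
// application has no SAML mapping (e.g. the regular OIDC Django app), so the
// rule leaves non-SAML logins untouched instead of throwing.
function buildSamlConfiguration(clientID) {
  const mappings = SAML_MAPPINGS_BY_CLIENT[clientID];
  if (!mappings) {
    return null;
  }
  return {
    signResponse: true,
    // Only emit the attributes this provider asked for; unknown profile fields
    // are not passed through as additional SAML attributes.
    mapUnknownClaimsAsIs: false,
    mappings: Object.assign({}, mappings),
  };
}

// The rule body. In the Auth0 dashboard this is the anonymous
// `function (user, context, callback)`; it is named here so it can be called directly.
function perApplicationSamlMapping(user, context, callback) {
  const config = buildSamlConfiguration(context.clientID);
  if (config) {
    context.samlConfiguration = Object.assign(context.samlConfiguration || {}, config);
  }
  return callback(null, user, context);
}
```

Adding a provider becomes one more entry in the table rather than another rule or another copy of the addon config, and the user's Auth0 session is shared across all of those applications. `mapUnknownClaimsAsIs` is set to `false` deliberately: each provider receives only the attributes it was configured for.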

Hey there!

Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?