SSO integration with external client

Hello,

I have an external client who has a SAML identity provider and associated application, let’s call it HealthCare.

We have a Ping One integration currently where an authenticated user clicks on a link in the HealthCare app and then the user is redirected to our application with a token. We call Ping One with the token and it passes back user info.

I need to implement this same thing using Auth0 and I’m getting very confused how to even start.

What I’ve done so far is to set up a SAML connection with the certificate and endpoints derived from the client’s identity provider metadata. When I “Try” it, it brings up a login screen at the identity provider, which makes sense to me.

How do I build the logic in Auth0 that takes a validated token passed from the HealthCare app and returns user information I can use to log into my app?

I don’t need to do login, logout, error, etc. I just need to get the user info back given a valid token.

Can someone point me where to start?

My app is a Ruby on Rails app, if that makes any difference.

Thanks!

Allen


Hi Allen :wave:

Welcome to the community! :sunglasses:

> We have a Ping One integration currently where an authenticated user clicks on a link in the HealthCare app and then the user is redirected to our application with a token. We call Ping One with the token and it passes back user info.

:thinking: So this sounds like you have an IdP initiated workflow, rather than an SP initiated one. Assuming your application is SAML based, I would recommend you take a look at the Auth0 documentation here which describes how to set up an IdP initiated workflow when using SAML.

> How do I build the logic in Auth0 that takes a validated token passed from the HealthCare app and returns user information I can use to log into my app?

With an IdP initiated SAML workflow, Auth0 will typically call back to your application with a SAML response. From this, you should be able to obtain information (a.k.a. assertions) about the user. You can even add custom assertions via Auth0 extensibility - see here for more details.

> I don’t need to do login, logout, error, etc. I just need to get the user info back given a valid token.

SAML protocol support in Auth0 is typically front-channel - i.e. all requests and responses are delivered via the browser. Auth0 doesn’t currently support the likes of SAML Artifact Binding. If you have an absolute requirement to emulate the Ping functionality as described here - which utilises back-channel communications in order to get user information - then an alternative option is to redirect back (to Auth0) in order to obtain an Access Token which your application can use to call the Auth0 /userinfo endpoint. This will leverage the SSO session established with Auth0, so the user will not need to provide first-factor credentials. However, it utilises the OAuth2 protocol rather than SAML.


Thanks Peter. That cleared things up for me. I was able to create a SAML Identity Provider application in Auth0 and achieve SSO between my apps leveraging the omniauth-saml gem.

The gem has a really nice feature that parses the IdP metadata into a SAML settings object (OneLogin::RubySaml::IdpMetadataParser).

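As an added illustration of what Allen's reply describes (example code written for this page, not code from the thread, the omniauth-saml gem or Auth0): a small REXML-based reduction of IdP metadata to the settings that OneLogin::RubySaml::IdpMetadataParser produces, namely the SSO URL, the NameID format and the signing certificate that pins SAML response signature validation. The idp.healthcare.example host is made up and the certificate is a self-signed stand-in generated at runtime; in a real app the gem's parser does this work, and the point here is what it extracts and why a missing signing cert must be a hard failure.

```ruby
require "rexml/document"
require "openssl"
require "base64"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Stand-in self-signed certificate, generated at runtime so the sample metadata
# carries a parseable X509Certificate (a real IdP publishes its own signing cert).
def make_stand_in_cert
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.healthcare.example")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now, Time.now + 86_400
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed sample IdP metadata; the idp.healthcare.example host is made up.
def sample_idp_metadata(cert)
  <<~XML
    <md:EntityDescriptor xmlns:md="#{MD}" xmlns:ds="#{DS}" entityID="https://idp.healthcare.example/saml">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>#{Base64.strict_encode64(cert.to_der)}</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
        <md:SingleSignOnService Binding="#{HTTP_POST}" Location="https://idp.healthcare.example/sso/post"/>
      </md:IDPSSODescriptor>
    </md:EntityDescriptor>
  XML
end

# Reduce the metadata to SP-side settings; raises when no signing cert is present so a
# bad metadata file cannot leave SAML response signature checks unpinned.
def parse_idp_metadata(xml)
  doc = REXML::Document.new(xml)
  ns  = { "md" => MD, "ds" => DS }
  idp = REXML::XPath.first(doc, "/md:EntityDescriptor/md:IDPSSODescriptor", ns) or raise "no IDPSSODescriptor"
  b64 = REXML::XPath.first(idp, "md:KeyDescriptor[@use='signing']//ds:X509Certificate", ns)&.text or raise "no signing cert"
  cert = OpenSSL::X509::Certificate.new(Base64.decode64(b64.strip))
  sso  = REXML::XPath.first(idp, "md:SingleSignOnService[@Binding='#{HTTP_POST}']", ns)
  {
    idp_entity_id:          doc.root.attributes["entityID"],
    idp_sso_service_url:    sso && sso.attributes["Location"],
    name_identifier_format: REXML::XPath.first(idp, "md:NameIDFormat", ns)&.text&.strip,
    idp_cert:               cert.to_pem,   # pin this; reject responses signed by any other key
    idp_cert_fingerprint:   OpenSSL::Digest::SHA256.hexdigest(cert.to_der).scan(/../).join(":").upcase,
  }
end
```

The resulting hash maps one-to-one onto the idp_* options the omniauth-saml configuration takes, which is exactly the step the gem's parser automates.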