Problem statement
There is a requirement to anonymize user PII before sending it in the SAML assertion.
Solution
Actions can send custom or calculated variables as attributes instead of pre-existing user data. For example, the following Action sends a redacted nickname claim in the SAML assertion:
exports.onExecutePostLogin = async (event, api) => {
  // Build the redacted value locally; no user data is read.
  const anonStr = 'Anonymous';
  const anonNickname = anonStr + ' ' + anonStr;
  api.samlResponse.setAttribute("http://schemas.auth0.com/nickname", anonNickname);
};
User attributes can also be modified at runtime within the context of an individual Action, but note that these changes will not persist between different Actions in your flow, as the event object is read-only.
exports.onExecutePostLogin = async (event, api) => {
  const anonStr = 'Anonymous';
  // This change is visible only inside this Action.
  event.user.nickname = anonStr + ' ' + anonStr;
  api.samlResponse.setAttribute("http://schemas.auth0.com/nickname", event.user.nickname);
};