Temporarily Editing or Anonymising User Attributes Using Actions for Custom SAML Assertion

rueben.tiow · January 25, 2024, 1:31am

Problem statement

There is a requirements around anonymizing user PII prior to sending it in the SAML assertion.

Solution

Actions can support custom variables / calculated variables to be sent as attributes if required instead of using pre-existing user data. For example, the below shows how to send a redacted nickname claim in the SAML assertion:

exports.onExecutePostLogin = async (event, api) => {
   const anonStr = 'Anonymous';
   const anonNickname = anonStr + ' ' + anonStr;

   api.samlResponse.setAttribute("http://schemas.auth0.com/nickname", anonNickname);
};

User attributes can also be modified at runtime within the context of an individual action, but note that these changes will not persist between different Actions in your flow - the event object is read-only.

exports.onExecutePostLogin = async (event, api) => {
   const anonStr = 'Anonymous';
   event.user.nickname = anonStr + ' ' + anonStr;

   api.samlResponse.setAttribute("http://schemas.auth0.com/nickname",event.user.nickname)
};

Topic		Replies	Views
Is it possible to override user attributes in a post-login action? Help login-experience , new-universal-login-experience	4	414	April 5, 2024
Unlocking more customization in Actions with three new capabilities Announcements rules , hooks , access-token , saml2 , actions , saml-attributes , user-attributes , usermanagement	8	3540	April 9, 2024
Additional SAML Attributes not Present in event.user in Post-Login Action Knowledge Articles actions	1	226	April 26, 2024
Adding Custom SAML Attributes from User Profile to Claims in Custom Action Help saml , protocols	2	1748	May 21, 2023
Map SAML attributes to user_metadata attributes via action Help identifier-first , login-experience	3	1521	September 26, 2024

Temporarily Editing or Anonymising User Attributes Using Actions for Custom SAML Assertion

Problem statement

Solution

Related Topics