Test SAML connection configuration programmatically

Problem statement

I created a new SAML enterprise account in Auth0 and associated it with the Auth0 application using the Auth0 SDK / REST endpoints. However, once the SAML connection is created in Auth0, I could not find any proper API to programmatically test whether the SAML connection is properly configured or not.

But on the Auth0 dashboard, if you go to the SAML connections and click on ‘Test’, it shows “It Works” on a new page.

How can we do the same thing programmatically through Auth0 REST endpoints?

Solution

As per the current design, we don’t have an API to test if a SAML connection is configured properly. The “Try” button on the dashboard just performs an /authorize request in your browser against your tenant’s built-in client ID, which is used for certain tests and fallbacks and should not be used for any other purposes. The request passes the relevant connection parameter to skip straight to the connection’s configured IdP’s login page. Here is the structure of the call:

https://<your_tenant_domain>/authorize?client_id=<your_all_applications_client_id>&response_type=code&connection=<SAML_connection_name>&prompt=login&scope=openid%20profile&redirect_uri=https://manage.auth0.com/tester/callback?connection=<SAML_connection_name>

The redirect URI brings the response back to your tenant dashboard where it is evaluated to show if it was successful or not.

To summarise, the only way to test a SAML configuration is to attempt a login in a browser, using a valid user account for the SAML IdP, and check for errors or successful login.
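
The request structure described above can be reproduced for a scripted or browser-automated login check; the following is an added example, not Auth0's own code. It assumes you use one of your own applications' client ID and an allowed callback URL of that application (not the built-in client), adds the standard OAuth 2.0 `state` parameter, and treats a `code` or `error` query parameter on the callback as the result; the function names, tenant domain, client ID and connection name are placeholders.

```python
import secrets
from urllib.parse import urlencode, quote, urlsplit, parse_qs


def build_test_url(tenant_domain, client_id, connection, redirect_uri, state=None):
    """Return (url, state) for an /authorize request pinned to one connection."""
    state = state or secrets.token_urlsafe(16)  # ties the callback to this attempt
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "connection": connection,   # skip straight to this connection's IdP
        "prompt": "login",          # force a fresh login at the IdP
        "scope": "openid profile",
        "redirect_uri": redirect_uri,
        "state": state,
    }, quote_via=quote)             # %20 for spaces, fully encoded redirect_uri
    return f"https://{tenant_domain}/authorize?{query}", state


def evaluate_callback(callback_url, expected_state):
    """Classify the URL the browser lands on after the login attempt."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if params.get("state") != expected_state:
        return ("rejected", "state mismatch: response does not belong to this test")
    if "error" in params:
        return ("failed", f"{params['error']}: {params.get('error_description', '')}")
    if "code" in params:
        return ("ok", "authorization code issued; the SAML login completed")
    return ("failed", "callback carried neither code nor error")


if __name__ == "__main__":
    # Placeholder values; replace with your tenant, application and connection.
    url, state = build_test_url("tenant.example.com", "YOUR_CLIENT_ID",
                                "acme-saml", "https://app.example.com/callback")
    print("Open in a browser and sign in with a valid IdP account:\n", url)
    # Constructed callback URLs showing both outcomes.
    good = f"https://app.example.com/callback?code=abc123&state={state}"
    bad = (f"https://app.example.com/callback?error=access_denied"
           f"&error_description=Invalid%20signature&state={state}")
    print(evaluate_callback(good, state))
    print(evaluate_callback(bad, state))
```

The login itself still has to happen in a browser with a valid IdP user; the script only prepares the request and interprets the redirect that comes back.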