I am attempting to connect SAML to my application using Okta as the IdP and Auth0 as the SP. I have gotten the base connection set up correctly, but I am having trouble getting the SAML mappings to apply to the user’s profile.
I have set up the example mappings in the ‘Mappings’ tab of the enterprise SAML connection as follows:
{
  "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
  "email": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "groups": "http://schemas.xmlsoap.org/claims/Group",
  "user_id": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  ],
  "nickname": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "given_name": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  ],
  "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
}
but when I test the app, none of these are applied to the user profile, nor is the user address added to the user’s profile:
{
  "sub": "samlp|ln-dev-okta|me@mydomain.com",
  "nickname": "",
  "name": "",
  "picture": "https://cdn.auth0.com/avatars/default.png",
  "updated_at": "2020-09-25T14:00:05.533Z"
}
Ideally I’d like to have the email set on the user’s profile in Auth0, but right now, since it’s not getting set, a new user is created without an email address. Also, is there any way I can intercept the actual SAML response coming into Auth0 so I can inspect the attributes and make sure they’re present?
What am I missing here?
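The question asks for a way to inspect the SAML response and confirm the attributes the mapping expects are actually present. The script below is an added example, not code from the post or from Auth0/Okta: it decodes a base64 `SAMLResponse` form value (the HTTP-POST binding's form field), lists the NameID and every `<Attribute Name="...">` in the assertion, and then reports, for each entry in the mapping from the question, whether any of its candidate sources appear. The sample response is constructed, with attribute names chosen so that most mappings deliberately fail to match, and the matching rule used (a source matches an `Attribute Name` exactly, or the NameID when the source equals the NameID `Format` URI) is an assumption about how the mappings are applied, not documented Auth0 behaviour.

```python
"""Decode a SAML 2.0 Response (HTTP-POST binding, base64 SAMLResponse field)
and report which mapping entries would find a source in the assertion."""
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Mappings exactly as posted in the question: profile field -> SAML source(s).
MAPPINGS = {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "email": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "groups": "http://schemas.xmlsoap.org/claims/Group",
    "user_id": [
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    ],
    "nickname": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "given_name": [
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    ],
    "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
}

# Constructed sample response (unsigned, trimmed to the parts that matter):
# the IdP sends most attributes under short names, and only "surname" under
# the xmlsoap claim URI the mapping expects.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}"
    ID="_constructed-response" Version="2.0" IssueInstant="2020-09-25T14:00:00Z">
  <saml:Issuer>http://www.okta.com/constructed-issuer</saml:Issuer>
  <saml:Assertion ID="_constructed-assertion" Version="2.0" IssueInstant="2020-09-25T14:00:00Z">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">me@mydomain.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>me@mydomain.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Sam</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <saml:AttributeValue>Example</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>Everyone</saml:AttributeValue>
        <saml:AttributeValue>Developers</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# What the browser actually posts to the SP callback: base64 of the XML above.
SAMPLE_SAML_RESPONSE = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def decode_saml_response(saml_response_b64):
    """Parse the base64 SAMLResponse field; return NameID and attributes.

    Debugging aid only: signature, Conditions and Audience are not checked
    here; the SP does that before trusting anything in the assertion."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.find(f".//{{{SAML_NS}}}NameID")
    attributes = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        attributes[attr.get("Name")] = values
    return {
        "name_id": (name_id.text or "").strip() if name_id is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "attributes": attributes,
    }


def resolve_mappings(mappings, parsed):
    """For each profile field, return (source, values) for the first source
    present in the assertion, or None when nothing matches. Assumed rule: a
    source matches an <Attribute Name="..."> exactly, or the NameID when the
    source equals the NameID Format URI."""
    resolved = {}
    for field, sources in mappings.items():
        if isinstance(sources, str):
            sources = [sources]
        resolved[field] = None
        for src in sources:
            if src in parsed["attributes"]:
                resolved[field] = (src, parsed["attributes"][src])
                break
            if src == parsed["name_id_format"] and parsed["name_id"]:
                resolved[field] = (src, [parsed["name_id"]])
                break
    return resolved


if __name__ == "__main__":
    parsed = decode_saml_response(SAMPLE_SAML_RESPONSE)
    print("NameID:", parsed["name_id"], "format:", parsed["name_id_format"])
    for name, values in parsed["attributes"].items():
        print("Attribute:", name, "=", values)
    for field, hit in resolve_mappings(MAPPINGS, parsed).items():
        print(f"{field:12} <- {hit[0] if hit else 'NO MATCHING SOURCE'}")
```

To run it against a real login, replace `SAMPLE_SAML_RESPONSE` with the `SAMLResponse` form value captured from the browser's network tab on the POST to the Auth0 callback URL. Attribute names are compared exactly, so a source like `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname` only resolves if the IdP emits that full URI as the attribute `Name`; an IdP that sends `firstName` will leave `given_name` empty, which is the symptom shown in the empty profile above.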