URN as entityId - Auth0 as IdP SAML

One of our customers wants to set up SAML using Auth0 as their IdP, so they come to us with settings provided by Auth0, and it fails our validation because their entityId is in the format of
urn:auth.tenant.com

Now, according to the specification, the value doesn’t seem to be a valid URN:
https://tools.ietf.org/html/rfc8141#section-2

Am I missing something, or is there a way for them to modify their EntityId used to connect to our SP?

Hi @marko.milanovic,

Welcome and thank you for posting in Auth0 Community! :tada:

Can you please share what type of connection you are using? There are two kinds of protocols; it looks like they are using the WS-Federation protocol.

We have two connection types that can connect to ADFS:

  • “ADFS” connections (which should really be called “WS-Federation” connections, as that’s the protocol used)
  • SAML connections

They both work because ADFS supports both the WS-Federation and the SAML protocols.

For each connection protocol we have different metadata URLs and entity IDs.

  • SAML:

    • The format of the entity id is “urn:auth0::<connection_name>”
    • The metadata is obtained at https://{your_auth0_domain}/samlp/metadata?connection=<connection_name>
    • Instructions for ADFS set up are here: https://auth0.com/docs/protocols/saml/adfs
  • WS-Federation:

    • The format of the entity id is “urn:auth0:” (the connection name does not appear in there)
    • The metadata is obtained at https://{your_auth0_domain}/FederationMetadata/2007-06/FederationMetadata.xml
    • Instructions for ADFS set up are here: https://auth0.com/docs/connections/enterprise/adfs

Can you please ask your customer to send us the metadata file? You can send me the file in a PM. Thank you!
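
The syntax question raised in this thread, worked through as an added example (it is not part of either post and is not Auth0's code): a check of an entityID against the RFC 8141 section 2 grammar, next to the only constraint SAML 2.0 metadata itself places on entityID (an anyURI of at most 1024 characters). The function names, the constructed sample values and the warn-instead-of-reject policy are assumptions of this example.

```python
import re

# RFC 8141 section 2: assigned-name = "urn" ":" NID ":" NSS
PCHAR = r"(?:[A-Za-z0-9._~!$&'()*+,;=:@-]|%[0-9A-Fa-f]{2})"
NID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,30}[A-Za-z0-9]")
# NSS followed by the optional r-, q- and f-components
TAIL_RE = re.compile(
    rf"{PCHAR}(?:{PCHAR}|/)*"
    rf"(?:\?\+{PCHAR}(?:{PCHAR}|[/?])*)?"
    rf"(?:\?={PCHAR}(?:{PCHAR}|[/?])*)?"
    rf"(?:#(?:{PCHAR}|[/?])*)?"
)
MAX_ENTITY_ID_LEN = 1024  # SAML 2.0 entityID: anyURI, maxLength 1024


def check_urn(value):
    """Return (ok, reason) for RFC 8141 URN syntax."""
    parts = value.split(":", 2)
    if parts[0].lower() != "urn":
        return False, "scheme is not 'urn'"
    if len(parts) < 3:
        return False, "no NID:NSS pair after 'urn:'"
    nid, tail = parts[1], parts[2]
    if not NID_RE.fullmatch(nid):
        return False, f"invalid NID {nid!r}"
    if not TAIL_RE.fullmatch(tail):
        return False, "empty or invalid NSS"
    return True, f"NID={nid}"


def classify_entity_id(value):
    """Hypothetical SP policy: reject what SAML forbids, warn on lax URNs."""
    if not value or len(value) > MAX_ENTITY_ID_LEN:
        return "reject", "empty or longer than 1024 characters"
    if value.lower().startswith("urn:"):
        ok, reason = check_urn(value)
        if not ok:
            return "warn", f"not an RFC 8141 URN: {reason}"
    return "ok", "acceptable entityID"


if __name__ == "__main__":
    # First value is the one quoted in the question; the rest are constructed.
    samples = ["urn:auth.tenant.com", "urn:auth0:example-tenant:my-conn",
               "urn:auth0:", "https://sp.example.com/saml/metadata"]
    for s in samples:
        print(s, classify_entity_id(s), sep="  ->  ")
```

The value from the question fails the strict URN check because it has no second colon separating a NID from an NSS, yet it stays within the SAML length limit, so this policy flags it rather than blocking the connection.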