One of our customers wants to set up SAML using Auth0 as their IdP, so they come to us with settings provided by Auth0, and it fails our validation because their entityId is in the format of urn:auth.tenant.com
I’m dealing with the same problem. We’re connecting to a partner using the generic SAML connection type. The partner is, correctly IMO, marveling at the format of the entityID which looks something like:
entityID="urn:auth0:[TENANT]:[CONNECTION NAME]"
when it seems like the usual way to do this is to use a URL:
entityID="https://[TENANT].auth0.com/"
I suspect the SAML 2 spec allows for the colon separated URI but maybe the common practice is to use a URL?
In our case the partner is able to set the entityID to whatever string we are using, so we have it working, but it would be useful to know the industry best practice or to be able to set whatever entityID we want.
As the SAML 2 spec does mark the URL as recommended, is there anything in the roadmap to support URL as default (or make it a configuration option instead of an API call)?
I think this is a bug in Auth0. As the original author points out Auth0’s entityID, when using Auth0 as a SAML 2.0 IdP, is invalid according to the spec. It looks like a URN but it doesn’t validate as a URN (Uniform Resource Name - Wikipedia) as it is missing a namespace identifier. Auth0’s entityID is also not an absolute URL. While configuring the entityID would be nice I think this is a bug that should be fixed.
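The thread turns on whether an entityID such as `urn:auth0:[TENANT]:[CONNECTION NAME]` or `urn:auth.tenant.com` is a syntactically valid absolute URI, which is what a relying party's metadata validation is checking. The following is an added example, not code from Auth0 or from any poster in the thread: it classifies an entityID as URL-form or URN-form and applies the URN syntax of RFC 8141 (NID of 2 to 32 alphanumeric/hyphen characters, NSS built from `pchar` and `/`) together with the 1024-character limit from SAML 2.0 Core section 8.3.6. Assumptions made here: URL-form identifiers are accepted only as absolute `http(s)` URLs, URN r-/q-components and fragments are not parsed, and the sample identifiers are constructed placeholders rather than anyone's real tenant.

```python
"""Added example (not from the thread or from Auth0): decide whether a SAML
entityID string is an absolute URI in URL form or URN form.
URN syntax per RFC 8141 (assumption: r-/q-components and fragments ignored);
the 1024-character cap is from SAML 2.0 Core section 8.3.6."""
import re
from urllib.parse import urlsplit

MAX_ENTITY_ID_LEN = 1024

# RFC 8141 NID: alphanum, then up to 30 of alphanum or "-", then alphanum (2..32 chars).
_NID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,30}[A-Za-z0-9]$")
# pchar = unreserved / pct-encoded / sub-delims / ":" / "@"; NSS = pchar *(pchar / "/").
_PCHAR = r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})"
_NSS_RE = re.compile(rf"^{_PCHAR}(?:{_PCHAR}|/)*$")


def classify_entity_id(entity_id: str) -> dict:
    """Return {"ok": bool, "kind": "url" | "urn" | None, "reason": str}."""
    if not entity_id:
        return {"ok": False, "kind": None, "reason": "empty"}
    if len(entity_id) > MAX_ENTITY_ID_LEN:
        return {"ok": False, "kind": None, "reason": "longer than 1024 characters"}
    # Whitespace is never legal in a URI, so "[CONNECTION NAME]" with a space fails here.
    if any(ch.isspace() for ch in entity_id):
        return {"ok": False, "kind": None, "reason": "contains whitespace"}
    # The "urn:" scheme is case-insensitive.
    if entity_id[:4].lower() == "urn:":
        return _check_urn(entity_id)
    # URL form (assumption: only absolute http/https URLs are accepted as URL-form IDs).
    try:
        parts = urlsplit(entity_id)
    except ValueError:
        return {"ok": False, "kind": None, "reason": "unparseable URL"}
    if parts.scheme in ("http", "https") and parts.netloc:
        return {"ok": True, "kind": "url", "reason": "absolute http(s) URL"}
    return {"ok": False, "kind": None, "reason": "not an absolute URL or URN"}


def _check_urn(urn: str) -> dict:
    """Split "urn:<NID>:<NSS>" and validate each part against RFC 8141 syntax."""
    pieces = urn.split(":", 2)
    nid = pieces[1] if len(pieces) > 1 else ""
    # A NID made of dotted hostname labels (e.g. "auth.tenant.com") fails here: "." is not allowed.
    if not _NID_RE.match(nid) or nid.lower() == "urn":
        return {"ok": False, "kind": "urn", "reason": f"invalid NID {nid!r}"}
    if len(pieces) < 3 or not pieces[2]:
        return {"ok": False, "kind": "urn", "reason": "missing NSS"}
    # Colons are ordinary pchar characters inside the NSS, so "tenant:connection" is fine.
    if not _NSS_RE.match(pieces[2]):
        return {"ok": False, "kind": "urn", "reason": "invalid NSS"}
    return {"ok": True, "kind": "urn", "reason": "syntactically valid URN"}


if __name__ == "__main__":
    # Constructed sample identifiers, not real tenants.
    for sample in (
        "https://example-tenant.auth0.com/",
        "urn:auth0:example-tenant:example-connection",
        "urn:auth0:example-tenant:my connection",
        "urn:auth.tenant.com",
        "example-tenant.auth0.com",
    ):
        print(f"{sample!r}: {classify_entity_id(sample)}")
```

Run stand-alone, the script shows that the colon-separated `urn:auth0:...` shape passes as a syntactically well-formed URN as long as the connection name contains no spaces, while `urn:auth.tenant.com` is rejected because dots are not permitted in a NID and no NSS follows it. Syntax is all this check covers: whether `auth0` is a registered namespace is a separate question, and either way the URL form with the tenant's own domain is the shape SAML 2.0 Core recommends and the one least likely to trip a partner's validator.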