Last active
December 4, 2020 17:08
Rule to configure the claims in the token generated by the Auth0 WS-Fed add-on
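function (user, context, callback) {
  /*
   * Auth0 rule: restricts and maps the claims placed in the token issued by
   * the WS-Fed add-on for one application.
   *
   * user     - user profile; its properties are the source of the mapped claims.
   * context  - rule context; context.samlConfiguration is modified here.
   * callback - continuation, invoked as callback(error, user, context).
   */

  // Only apply changes for the WS-Fed application.
  // NOTE(review): this selects the application by display name, which can be
  // edited and is not guaranteed to be unique. Comparing context.clientID
  // against the application's client ID is a more stable selector.
  if (context.clientName !== 'Your ws-fed application name') {
    return callback(null, user, context);
  }

  // Make sure the configuration object exists before writing to it, so the
  // rule does not throw a TypeError when it has not been initialised.
  context.samlConfiguration = context.samlConfiguration || {};
  const samlConfig = context.samlConfiguration;

  // Exclude the upn claim creation (defaults to true).
  samlConfig.createUpnClaim = false;

  // Exclude the identities array (defaults to true).
  samlConfig.mapIdentities = false;

  // Exclude claims that were not explicitly mapped (defaults to true).
  // With this off, only the attributes listed in `mappings` below reach the
  // relying party, which keeps the disclosed profile data to a minimum.
  samlConfig.passthroughClaimsWithNoMapping = false;

  // This is the default mapping. Remove or change as you like.
  // The key (left side) is the namespace-qualified attribute name and the
  // value (right side) is the property name from the user object.
  // Transient values on the user object can be used as well, e.g.
  //   user.calculated_field = <some expression>;
  // and then add this mapping:
  //   'some_claim': 'calculated_field',
  //
  // NOTE(review): relying parties commonly make authorization decisions from
  // the Group claim. Confirm that user.groups is set from a source the end
  // user cannot edit before mapping it.
  samlConfig.mappings = {
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier': 'user_id',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress': 'email',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': 'name',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname': 'given_name',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname': 'family_name',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn': 'upn',
    'http://schemas.xmlsoap.org/claims/Group': 'groups'
  };

  callback(null, user, context);
}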