@saltukalakus
Last active February 27, 2023 18:46
How to insert AssertionConsumerServiceURL (ACS) in AuthN when Auth0 is the SAML service provider. (a.k.a. SAML enterprise connection)
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
AssertionConsumerServiceURL="https://demo-saml-sp.auth0.com/login/callback"
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>
@saltukalakus

Screen Shot 2020-12-04 at 16 45 53

@saltukalakus

saltukalakus commented Dec 4, 2020

Sample decoded AuthN with HTTP-Redirect binding with the above configuration. If you will be using a Custom Domain for the login domain, you need to change AssertionConsumerServiceURL accordingly.

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://demo-saml-idp.auth0.com/samlp/3vOzusggp1BUM5P0qvDlMuOHP4fen0wd" AssertionConsumerServiceURL="https://demo-saml-sp.auth0.com/login/callback" ID="_1df14c838fad5191c6525e7bc90c6c62" IssueInstant="2020-12-03T22:52:58Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:auth0:demo-saml-sp:TestSP</saml:Issuer></samlp:AuthnRequest>

@nicosabena

You can also replace @@AssertServiceURLAndDestination@@ with two separate template variables @Destination and @AssertionConsumerServiceURL so that you don't hardcode any value:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="@@Destination@@"
    AssertionConsumerServiceURL="@@AssertionConsumerServiceURL@@"
    ID="@@ID@@"
    IssueInstant="@@IssueInstant@@"
    ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>
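
To confirm which ACS URL a tenant actually sends after a template or Custom Domain change, the sketch below decodes the SAMLRequest parameter of an HTTP-Redirect login URL and compares AssertionConsumerServiceURL and Destination with expected values. It is an added example, not part of the gist or of Auth0's code; the function names, the 64 KiB cap, CLIENT_ID_PLACEHOLDER and login.example.com are assumptions, and the sample request is constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024  # cap on inflated size; value chosen for this example

def encode_redirect(xml: str) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def decode_redirect(url: str) -> ET.Element:
    """Recover the AuthnRequest element from a login redirect URL."""
    value = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    d = zlib.decompressobj(-15)
    xml = d.decompress(base64.b64decode(value), MAX_XML)
    if d.unconsumed_tail:
        raise ValueError("SAMLRequest inflates past the size cap")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root

def check_request(url: str, expected_acs: str, idp_host: str) -> list:
    """List mismatches between the request and what the IdP has registered."""
    req = decode_redirect(url)
    problems = []
    acs = req.get("AssertionConsumerServiceURL")
    if acs != expected_acs:
        problems.append(f"ACS is {acs!r}, expected {expected_acs!r}")
    dest = req.get("Destination")
    if dest is None or urlsplit(dest).hostname != idp_host:
        problems.append(f"Destination is {dest!r}, expected host {idp_host!r}")
    return problems

# Constructed sample shaped like the decoded request in the thread.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'Destination="https://demo-saml-idp.auth0.com/samlp/CLIENT_ID_PLACEHOLDER" '
    'AssertionConsumerServiceURL="https://demo-saml-sp.auth0.com/login/callback" '
    'ID="_constructed" IssueInstant="2020-12-03T22:52:58Z" Version="2.0"/>'
)
SAMPLE_URL = ("https://demo-saml-idp.auth0.com/samlp/CLIENT_ID_PLACEHOLDER?"
              + urlencode({"SAMLRequest": encode_redirect(SAMPLE_XML)}))

if __name__ == "__main__":
    print(check_request(SAMPLE_URL, "https://login.example.com/login/callback",
                        "demo-saml-idp.auth0.com"))
```

Run as a script, it reports the ACS mismatch you would see when the template still hardcodes the auth0.com callback while the IdP has the Custom Domain callback registered.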
