IdP initiated login:
IdP initiated logout:
How is it initiated?
Once initiated, the logout request is sent to the callback URL configured in the SAML addon's callback setting.
function (user, context, callback) { | |
var CLIENTS_WITH_MFA = ['REPLACE_WITH_YOUR_CLIENT_ID']; | |
// run only for the specified clients | |
if (CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1) { | |
// uncomment the following if clause in case you want to request a second factor only from user's that have user_metadata.use_mfa === true | |
// if (user.user_metadata && user.user_metadata.use_mfa){ | |
context.multifactor = { | |
//required |
1-) Create a regular Auth0 DB connection with the signup option turned off. Let's assume it's named Auth0DBInitialMetadata.
2-) Set a rule that prevents logging in with the Auth0 DB connection above, so that this connection isn't unintentionally used for login directly.
function login(email, password, callback) { | |
const mysql = require('mysql@2.18.1'); | |
const bcrypt = require('bcrypt'); | |
const azureCa = "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9aMQswCQYDVQQGEwJJ\n....\nR9I4LtD+gdwyah617jzV/OeELqYzmp\n-----END CERTIFICATE-----\n"; | |
const connection = mysql.createConnection({ | |
host: configuration.DbHost, | |
user: configuration.DbUser, | |
password: configuration.DbPassword, | |
database: configuration.DbName, |
{ | |
"allowed_clients": [], | |
"allowed_logout_urls": [ | |
"https://##ENV##.myapp.com/logout" | |
], | |
"allowed_origins": [ | |
"https://##ENV##.myapp.com/" | |
], | |
"app_type": "spa", | |
"callbacks": @@example-app-redirect-uri@@, |
/* globals require, configuration */ | |
/** | |
* This script will be executed when the user wishes to change their password to test if the user exists. | |
* This needs a global configuration option with the following properties: | |
* {string} endpointUrl - Site URL with an empty "a0_action" parameter appended. | |
* {string} migrationToken - Migration token found in the plugin settings | |
* {string} userNamespace - Formatted site name to avoid user ID overlapping. | |
* | |
* @param {string} email - User email address, provided on login. |
<EntityDescriptor entityID="urn:saltuk-auth0idp.auth0.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> | |
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> | |
<KeyDescriptor use="signing"> | |
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> | |
<X509Data> | |
<X509Certificate>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 |
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="utf-8"> | |
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> | |
<title>Sign In with Auth0</title> | |
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> | |
</head> | |
<body> |
const crypto = require("crypto"); | |
let publicKey = `-----BEGIN PUBLIC KEY----- | |
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsoykgfqb0VqzTIDDShJ7 | |
Pa7sg6hV4kmBBof7LLPyvmMdNB/2zNZ3mfEr0Dw+qNinmyVXQ5b/DjwbjHvYQpn9 | |
foiFFDS6fP8ErGkICEN/68JvI/MSEJsbfDxKM/rQTwXVfD+0wxEIRblzW1LMYraO | |
NuCPWgg0UZRmis+8Qcr0vZdf61lyfyaTx0C0bwS/wsJO0yFrIWGMsatYZktbbpPG | |
IOQwqT2VIWfvcKjMcV8OXHNMoVjG6ni3kqXjSPYKaT1qWl4L73/dWKS0IlJJfdYw | |
0hpzDsmgwnsug9KBtfzbreNenVPbMfCUXone8VQZ/0+Eb8iO7JwaPuFld+0Czcsu | |
kG6pmBUwaPk9ISlRNWUkyhUP9q4rUmAzAZgcYPNVWQVZwG/u7X2Jbf7jdsYvvCX3 |
const crypto = require("crypto"); | |
crypto.generateKeyPair( | |
"rsa", | |
{ | |
modulusLength: 4096, | |
publicKeyEncoding: { | |
type: "spki", | |
format: "pem" | |
}, |