[Coming Soon] Auth0 SAML Configuration
Although the legacy Lane IdP is currently the primary method for configuring a SAML integration, VTS will be migrating to using Auth0 as the only IdP. As a result, SAML integrations will also be migrated in early 2025. This will not require any work for customers using existing integrations, but new integrations will be configured with Auth0 as the IdP in the future.
How to Set Up a New Auth0 SAML Integration
Creating a SAML integration with Auth0 as the identity provider is mostly the same as described here, except that Auth0 SAML as Identity Provider has to be selected instead of SAML: Lane as Identity Provider.
VTS requires the following:
- Entity ID
- SAML endpoint
- This is also referred to as the ACS URL or Service URL
- Custom attributes
To get set up, please send a request to [email protected].
VTS will provide:
- Entity ID
- Signing Certificate (X.509)
- If required: SAML metadata
Sample Auth0 SAML Assertion
<!-- Sample SAML 2.0 Response with StatusCode Success, wrapping one signed Assertion.
     Destination (and Recipient further down) point at http://localhost:3000, i.e. a local
     test endpoint over plain HTTP; a deployed integration would carry the HTTPS ACS URL instead.
     There is no InResponseTo attribute on the Response or on SubjectConfirmationData, so this
     sample cannot be correlated to an AuthnRequest. Replay protection then depends on the
     service provider remembering assertion IDs until NotOnOrAfter. -->
<samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9bba369dab9778d2cebc" Version="2.0" IssueInstant="2024-08-13T14:07:50.756Z" Destination="http://localhost:3000/sso/auth0/saml">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:viewthespace-moiz.us.auth0.com
</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_w7lVEN2wtX8mwHuUPozk7fkxXdhXMXQc" IssueInstant="2024-08-13T14:07:50.748Z">
<saml:Issuer>urn:viewthespace-moiz.us.auth0.com</saml:Issuer>
<!-- The Signature is a child of the Assertion and its Reference URI is the Assertion ID,
     so only the Assertion is signed. The outer Response (Status, Destination, Issuer) is not
     covered by any signature. A service provider should take identity data only from the
     element that the verified Reference resolves to, and reject messages that contain more
     than one Assertion or a duplicated ID. -->
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<!-- This sample is signed with rsa-sha1 over a sha1 digest. SHA-1 is deprecated for
     signatures, so prefer rsa-sha256 with a sha256 digest where the connection can be
     configured for it.
     NOTE(review): confirm which algorithms production assertions actually use. -->
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_w7lVEN2wtX8mwHuUPozk7fkxXdhXMXQc">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>AFDyQyuG0MR59DuoKLIT4NohvZI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>WEHHrKrPKYmpilupbf1lisRhBRHAj4CGcyt0tCbUemgdHesEpBTthZcldufXxjzm9g1a61SsQwR8+pz2tvT8jtSJs1saRgqKUH4QPPztH8elfS9am+fULwBZqCsr+4tbgeC7xEBd5dkhQmH7g4p85v4Z9G9x11flNqYYfcVlSb+X2wsc9qV06CxHDbbUjOOYIBDvPiaicRCxEP6/OCNg5OHjZhxVfGfL0PWDI0JFOHr99kaBsAJT7KUy5gmh8K65fHy+wvsufEs2UgkhRoY1du7LIcPy80UD1qD2VkvzFA0IqYkwCfBbPVxkyxZopJpidVF7bo+L2t8UuTuLAYkfXQ==</SignatureValue>
<!-- KeyInfo carries a certificate inside the message itself. Signature verification should
     use the signing certificate exchanged during setup, not whatever certificate arrives
     here; otherwise any self-signed assertion would verify. -->
<KeyInfo>
<X509Data>
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<!-- NameID uses the "unspecified" format; the same value is repeated in the nameidentifier
     attribute below. -->
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|386f345f-b8b2-4b92-9eb4-967b668ff42e</saml:NameID>
<!-- Bearer confirmation: whoever presents the assertion is accepted as the subject. The
     service provider should check that Recipient equals its own ACS URL and that
     NotOnOrAfter (one hour after IssueInstant in this sample) has not passed. -->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2024-08-13T15:07:50.748Z" Recipient="http://localhost:3000/sso/auth0/saml"/>
</saml:SubjectConfirmation>
</saml:Subject>
<!-- Conditions holds only a validity window. There is no AudienceRestriction element, so
     this assertion does not name the service provider it is intended for.
     NOTE(review): confirm whether production assertions include an Audience equal to the
     service provider Entity ID, and have the service provider enforce it. -->
<saml:Conditions NotBefore="2024-08-13T14:07:50.748Z" NotOnOrAfter="2024-08-13T15:07:50.748Z"/>
<saml:AuthnStatement AuthnInstant="2024-08-13T14:07:50.748Z" SessionIndex="_-oz2Xcw_SAtEHkvbNIN4btM8LBeAFEj6">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<!-- Four claims, each identified by a URI name: nameidentifier, emailaddress, name, upn.
     All values are typed xs:string. -->
<saml:AttributeStatement
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">auth0|386f345f-b8b2-4b92-9eb4-967b668ff42e</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>