
Customizing SAML responses using Auth0 Actions
Introduction
Auth0 provides the Actions feature, which enables custom logic in authentication and authorization. In August 2023, the following three feature updates were made:
- SAML response customization for logged-in users
- Scope customization in access tokens
- Expanding available user information
This page describes how to customize SAML responses for logged-in users.
For information on customizing the scope of access tokens, see Customizing Access Tokens with Auth0 Actions.
Prerequisites
The information regarding functions and settings described on this page is current as of August 2023. For an overview of the Actions function and the basic setting method, please see Token customization using Auth0 Actions function.
Feature update overview
The updated features are as follows.
- SAML response customization for logged-in users
The ability to customize SAML responses regarding logged-in users has been added as an API Object for Login Flow. You can add any attributes to the SAML response, specify the NameID format, customize the SAML token expiration date, etc. For the added API Object (api.samlResponse), please check Actions Triggers: post-login - API Object - Auth0 docs.
Please note that there are limitations to SAML response customization using the Actions function. For more information, please see Actions Limitations - Auth0 docs.
Setting and operation example
This section describes how to customize SAML responses for logged-in users using the Actions function, as well as examples of how to set up and operate the function.
Configuration example: Customizing SAML attributes
The article "SAML authentication using Auth0 (Splunk Cloud)" introduced customizing SAML responses with the Rules function. Here we implement similar processing with the Actions function.
- On the Auth0 management screen, click [Actions] > [Library]
- Click [Create Action] > [Build from scratch].
- Select the name of the action to be created, the trigger of the action, and the execution environment, and click [Create].
*Only the minimum necessary processing is listed.

```javascript
exports.onExecutePostLogin = async (event, api) => {
  // Add the user's roles to the SAML response as a custom attribute
  if (event.authorization) {
    api.samlResponse.setAttribute('http://schemas.auth0.com/rolez', event.authorization.roles);
  }
};
```
![Click [Deploy] and confirm that the action was saved successfully](/business/security/okta/image/okta_cic_actions_dr02.png)

![Click [Apply] and confirm that the change was applied successfully](/business/security/okta/image/okta_cic_actions_dr04.png)
Working example: Customizing SAML attributes
```xml
(omitted)
<saml:Attribute Name="http://schemas.auth0.com/rolez" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
  <saml:AttributeValue xsi:type="xs:string">
    admin
  </saml:AttributeValue>
</saml:Attribute>
(omitted)
```
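A more defensive variant of the Action above, as an added example that is not code from this page or from Auth0: it only touches the response for SAML logins, sends the role attribute only when the roles are well-formed, and also sets the NameID format and lifetime mentioned in the feature overview. The helper names (`customizeSaml`, `recordingApi`, `demo`), the NameID format, the 300-second lifetime and the sample event are assumptions made for illustration; `recordingApi` and `demo` exist only so the logic can be run offline.

```javascript
// Added example. ROLE_ATTR is the attribute name used on this page.
const ROLE_ATTR = 'http://schemas.auth0.com/rolez';
// Assumed values for illustration; choose what your service provider expects.
const NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';
const LIFETIME_SECONDS = 300;

// Synchronous core (hypothetical helper) so it can run without a tenant.
function customizeSaml(event, api) {
  // Leave OIDC and other non-SAML logins untouched.
  if (event.transaction?.protocol !== 'samlp') return false;

  // Send roles only as a non-empty list of non-empty strings, so the
  // service provider never receives a malformed authorization attribute.
  const roles = event.authorization?.roles;
  const clean = Array.isArray(roles)
    ? roles.filter((r) => typeof r === 'string' && r.trim() !== '')
    : [];
  if (clean.length > 0) api.samlResponse.setAttribute(ROLE_ATTR, clean);

  api.samlResponse.setNameIdentifierFormat(NAMEID_FORMAT);
  api.samlResponse.setLifetimeInSeconds(LIFETIME_SECONDS);
  return true;
}

// Entry point Auth0 calls in the Login flow.
const onExecutePostLogin = async (event, api) => { customizeSaml(event, api); };
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Test double that records every api.samlResponse call (constructed).
function recordingApi() {
  const calls = [];
  const rec = (name) => (...args) => { calls.push([name, ...args]); };
  return {
    calls,
    samlResponse: {
      setAttribute: rec('setAttribute'),
      setNameIdentifierFormat: rec('setNameIdentifierFormat'),
      setLifetimeInSeconds: rec('setLifetimeInSeconds'),
    },
  };
}

// Constructed sample event: a SAML login with one valid and two bad roles.
function demo() {
  const api = recordingApi();
  customizeSaml({ transaction: { protocol: 'samlp' },
                  authorization: { roles: ['admin', '', 7] } }, api);
  return api.calls;
}
console.log(JSON.stringify(demo()));
```

When pasting into the Actions editor, keep everything through the `exports.onExecutePostLogin` line and drop the test double and `demo`.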
Conclusion
This article introduced how to customize SAML responses, one of the Actions feature updates. Since the EOL (End of Life) of the Rules/Hooks features has been announced, we expect the range of processing that can be implemented with the Actions feature to keep growing.
We will continue to update the information as updates are implemented.
Inquiry/Document request
In charge of Macnica Okta Co., Ltd.
- TEL:045-476-2010
- E-mail:okta@macnica.co.jp
Weekdays: 9:00-17:00