Configuration Scenario 10

Mimics 8.0 functionality in 8.1 - SUCCESS SEQUENCE

Scenario Description

Email address is asserted as the username and a null value is asserted as the sso-id; a valid sso-id is then specified so that login still succeeds after a later email change.

Precondition

Create a user on CSpace with the email testconfig10@example.com

Auth0 Mappings

{
  "mappings": {
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  }
}

Relevant SAML Config on CSpace Server (Step 1)

<assertion-username-probes>
  <attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</assertion-username-probes>
<assertion-sso-id-probes>
  <attribute name="http://schemas.auth0.com/nonexistent" />
</assertion-sso-id-probes>

Relevant IDP Metadata excerpts (Step 1)

<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
  <saml:AttributeValue xsi:type="xs:string">testconfig8@example.com</saml:AttributeValue>
</saml:Attribute>

Expected behavior upon initial login

User is found and login succeeds

Relevant SAML Config on CSpace Server (Step 2)

<assertion-username-probes>
  <attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</assertion-username-probes>
<assertion-sso-id-probes>
  <name-id/>
</assertion-sso-id-probes>

Relevant IDP Metadata excerpts (Step 2)

<saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|6729603aba7c0c3e1bdf28d5</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData NotOnOrAfter="2024-11-05T01:50:42.934Z" Recipient="https://manage.auth0.com/tester/samlp"/>
  </saml:SubjectConfirmation>
</saml:Subject>

<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
  <saml:AttributeValue xsi:type="xs:string">testconfig10@example.com</saml:AttributeValue>
</saml:Attribute>

Expected behavior after SAML config change

User is found and login succeeds

Expected behavior after changing email address on Auth0 IdP after SAML config change

User is found and login succeeds
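
The three expected outcomes above can be reproduced with a small model of probe evaluation and user lookup. This is an added example, not CollectionSpace code: the lookup order (sso-id first, then username, linking the sso-id on a successful username match), the guard on already-linked accounts, the `login` and `probe` helpers, and the address `changed@example.com` are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
MISSING = "http://schemas.auth0.com/nonexistent"

def assertion(name_id, email):
    # Constructed sample assertion, reduced to the elements the probes read.
    return ET.fromstring(
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
        f'<saml:AttributeStatement><saml:Attribute Name="{EMAIL}">'
        f'<saml:AttributeValue>{email}</saml:AttributeValue>'
        f'</saml:Attribute></saml:AttributeStatement></saml:Assertion>')

def probe(doc, probes):
    # Return the first non-empty value found by an ordered probe list, else None.
    for kind, name in probes:
        if kind == "name-id":
            node = doc.find("saml:Subject/saml:NameID", NS)
        else:
            node = doc.find(f".//saml:Attribute[@Name='{name}']/saml:AttributeValue", NS)
        if node is not None and node.text and node.text.strip():
            return node.text.strip()
    return None

def login(users, doc, username_probes, sso_id_probes):
    # Assumed order: match on sso-id first, fall back to username (email).
    sso_id = probe(doc, sso_id_probes)
    username = probe(doc, username_probes)
    user = next((u for u in users if sso_id and u["sso_id"] == sso_id), None)
    if user is None:
        # Assumed guard: email fallback never matches an account that is
        # already linked to a different sso-id.
        user = next((u for u in users if username and u["email"] == username
                     and u["sso_id"] in (None, sso_id)), None)
        if user is not None and sso_id:
            user["sso_id"] = sso_id  # link so later logins survive an email change
    return user

def run_scenario():
    users = [{"email": "testconfig10@example.com", "sso_id": None}]
    uname = [("attribute", EMAIL)]
    nid = "auth0|6729603aba7c0c3e1bdf28d5"
    step1 = login(users, assertion(nid, "testconfig10@example.com"), uname, [("attribute", MISSING)])
    step2 = login(users, assertion(nid, "testconfig10@example.com"), uname, [("name-id", None)])
    changed = login(users, assertion(nid, "changed@example.com"), uname, [("name-id", None)])
    return step1 is not None, step2 is not None, changed is not None, users[0]["sso_id"]
```

In this model the Step 1 login leaves the account unlinked, so an email change at the IdP before Step 2 would break login; only the Step 2 login stores the NameID that makes the account independent of the asserted email.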