Test scenarios and setup for testing SSO using Auth0 as an IdP

See also tickets

  • DRYD-1518

...

  • DRYD-1683

Basic Setup Instructions

  1. Go to https://auth0.com/

  2. Click the Sign up button

  3. Create an account

  4. In the sidebar, click Applications/Applications

  5. Click Create Application

    • Name: CollectionSpace

    • Application type: Regular Web Applications

  6. Click the Settings tab

  7. In Allowed Callback URLs, enter https://{cspace server}/cspace-services/login/saml2/sso/{your name}-auth0 (replace {cspace server} with the server that is going to use this IdP, and {your name} with some version of your name that has no spaces)

  8. Click the Save Changes button

  9. Click the Addons tab

  10. Turn on SAML2 WEB APP

  11. Click the Settings tab in the pop-up that appears

  12. Make note of the Identity Provider Metadata URL

  13. Click the Enable button

  14. Ask hosting to add the following SSO relying party configuration to the CSpace server you referenced in step 7 (replacing the stuff inside curly braces with appropriate values):

    Code Block
        <relying-party id="{your name}-auth0">
            <name>{your name}'s Auth0</name>
            <icon location="https://cdn.auth0.com/manhattan/versions/1.5422.0/assets/badge.png" />
            <metadata location="{metadata url from step 12}" />
        </relying-party>

    Note that the id above must be the same as the last path element of the URL you entered in step 7.

  15. Wait for the CSpace server to be redeployed and restarted

...

Configuration Scenario 11

Scenario Description

Using untyped attributes. The email address is asserted as the username and a separate identifier is asserted as the sso-id, each carried in a different attribute.

Precondition

Create a user on CSpace with the email testconfig5@example.com

Auth0 Mappings

Code Block
{
  "mappings": {
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  }
}

Auth0 Additional Settings

typedAttributes: false (verify this by using the debug output option in Auth0 and confirming that the attributes are in fact untyped, as in the excerpt below)

Relevant SAML Config on CSpace Server

Code Block
<assertion-username-probes>
    <attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</assertion-username-probes>
<assertion-sso-id-probes>
    <attribute name="http://schemas.auth0.com/identifier" />
</assertion-sso-id-probes>

Relevant IDP Metadata excerpt

Code Block
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue>testconfig5@example.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="http://schemas.auth0.com/identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue>auth0|6729603aba7c0c3e1bdf28d5</saml:AttributeValue>
</saml:Attribute>

Expected behavior upon initial login

User is found and login succeeds

Expected behavior after changing email address on Auth0 IdP

User is found and login succeeds (because the attribute used for the sso-id hasn't changed)
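The following is an added example, not CollectionSpace's own code, that models this scenario end to end: it applies the two probe lists above to an assertion built around the page's excerpt and resolves the user the way the expected behaviour describes (sso-id match first, then username, binding the sso-id on first login). The `users` store and the `resolve_user` lookup are hypothetical stand-ins for the server's account table.

```python
import xml.etree.ElementTree as ET
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Probe lists mirror the scenario's <assertion-username-probes> / <assertion-sso-id-probes>.
USERNAME_PROBES = ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
SSO_ID_PROBES = ["http://schemas.auth0.com/identifier"]

# Constructed assertion fragment wrapping the page's excerpt; "untyped" means no xsi:type on AttributeValue.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>{email}</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.auth0.com/identifier"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>auth0|6729603aba7c0c3e1bdf28d5</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_attributes(xml_text):
    """Map each Attribute Name in the AttributeStatement to its list of string values."""
    attrs = {}
    root = ET.fromstring(xml_text)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def first_match(attrs, probes):
    """Try probes in order; return the first non-empty value, or None if no probe hits."""
    for name in probes:
        for value in attrs.get(name, []):
            if value:
                return value
    return None

def resolve_user(xml_text, users):
    """users: {username: {"sso_id": ...}}. Hypothetical lookup modelling the scenario's
    expectations: match a stored sso-id first, else match the username and bind the sso-id."""
    attrs = extract_attributes(xml_text)
    username = first_match(attrs, USERNAME_PROBES)
    sso_id = first_match(attrs, SSO_ID_PROBES)
    for name, rec in users.items():
        if sso_id and rec.get("sso_id") == sso_id:
            return name
    if username in users:
        users[username]["sso_id"] = sso_id  # first login binds the IdP identifier
        return username
    return None
```

Calling `resolve_user` once with the original email and again with a changed email against the same `users` dict reproduces both expected outcomes above.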