I am looking for ways to integrate redash with auth0. Anyone with relevant experience or ideas, please comment on this thread.
TIA
Chiddu
Auth0 supports SAML, no?
Yes it does. Configured redash for saml as per this document. Added two parameters to the .env file, REDASH_SAML_METADATA_URL and REDASH_SAML_CALLBACK_SERVER_NAME.
However, the redash server seems to take outrage at the fact that the tag saml:AudienceRestriction is empty.
I meant the tag AudienceRestriction
We managed to get this working - you will need to use the following configuration within Auth0:
https://[YOUR_REDASH_HOSTNAME]/saml/callback?org_slug=default
{
"mappings": {
"given_name": "FirstName",
"family_name": "LastName"
},
"passthroughClaimsWithNoMapping": false,
"includeAttributeNameFormat": false
}
Within Redash, use the following config:
SAML Metadata URL: https://[YOUR_TENANT_HOSTNAME]/samlp/metadata/[CONNECTION_ID]
SAML Entity ID: urn:auth0:[YOUR_TENANT_NAME]:[CONNECTION_NAME]
SAML NameID Format: EmailAddress
Thank you for sharing this!
Hi! Thanks a lot for this information, I had to tweak this a bit as we don’t have an identity provider connection in Auth0, so we don’t have given_name or family_name for the mappings. I had to give it 2 other string variables it has. It isn’t the cleanest, but I used:
"mappings": {
"nickname": "FirstName",
"name": "LastName"
},
Also, the SAML NameID Format that worked for me was Email.
Thanks for this! Hoping to improve our SAML implementation and docs as well so this doesn’t need to be as cryptic
Hey,
Came back to this after a bit, and I noticed that the Auth0 users all have the id given by Auth0 as their email: strings that look like auth0|12345678123456. The problem is that when I try to add users to different groups, the UI requires an email containing a @ sign.
I can work around this and set it directly in the DB, but it’s very inconvenient.
What am I missing? I’ve been trying to change the SAML NameID Format without any luck.
Thanks!
Yeah that doesn’t sound convenient at all -.-
I don’t think this requires a change in Redash. The problem is Auth0 is providing their uid instead of an Email address. I don’t think changing the SAML NameID Format will fix it. You need to instead update your mappings in Auth0 so that a user’s email address is supplied to the NameID field when the user is created.
Hello,
For that I found a solution:
you need to put in SAML settings the array of “nameIdentifierProbes” like this =>
{
"mappings": {
"nickname": "FirstName",
"name": "LastName"
},
"passthroughClaimsWithNoMapping": false,
"includeAttributeNameFormat": false,
"nameIdentifierProbes": [
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
]
}
By default this array includes the user_id in the first position.
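A diagnostic sketch for the two symptoms in this thread (the empty AudienceRestriction and the auth0|... NameID), added here as an example and not taken from any post or from Redash or Auth0: it inspects a decoded assertion using only Python's standard library. The function names, the sample assertions and the audience value urn:example:redash-sp are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
EXPECTED_AUDIENCE = "urn:example:redash-sp"  # constructed placeholder


def make_assertion(name_id, audience):
    """Build a constructed, unsigned SAML assertion to exercise the checks."""
    aud = f"<saml:Audience>{audience}</saml:Audience>" if audience else ""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        f"<saml:Conditions><saml:AudienceRestriction>{aud}"
        "</saml:AudienceRestriction></saml:Conditions>"
        "</saml:Assertion>"
    )


def check_assertion(xml_text, expected_audience):
    """Return a list of problems in a decoded assertion.

    Diagnostic only: this does not verify the assertion's signature.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # Redash uses the NameID as the user's email, so it must look like one.
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not EMAIL_RE.match(name_id):
        problems.append(f"NameID is not an email address: {name_id!r}")

    # Collect every non-empty Audience inside AudienceRestriction elements.
    restrictions = root.findall(".//saml:Conditions/saml:AudienceRestriction", NS)
    audiences = [a.text.strip() for r in restrictions
                 for a in r.findall("saml:Audience", NS) if a.text and a.text.strip()]
    if not audiences:
        problems.append("AudienceRestriction is missing or empty")
    elif expected_audience not in audiences:
        problems.append(f"expected audience {expected_audience!r} not in {audiences}")
    return problems


if __name__ == "__main__":
    # The failing case from the thread: Auth0 user_id as NameID, no audience.
    for p in check_assertion(make_assertion("auth0|12345678123456", ""), EXPECTED_AUDIENCE):
        print("problem:", p)
```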