Auth0 integration

chiddu · April 19, 2017, 7:55am

I am looking for ways to integrate redash with auth0. Anyone with relevant experience or ideas, please comment on this thread.

TIA
Chiddu

arikfr · April 19, 2017, 11:07am

Auth0 supports SAML, no?

chiddu · April 20, 2017, 10:50am

Yes it does. Configured redash for saml as per this document.Added two parameters to the .env file ,
REDASH_SAML_METADATA_URL and REDASH_SAML_CALLBACK_SERVER_NAME

However , the redash server seems to take outrage at the fact that the tag saml:AudienceRestriction is empty.

chiddu · April 20, 2017, 10:51am

I meant the tag AudienceRestriction

madAndroid · March 26, 2019, 5:12am

We managed to get this working - you will need to use the following configuration within Auth0:

Create a traditional webapp
Under add-ons, enable SAML2
In the SAML2 config use the following call back url:

https://[YOUR_REDASH_HOSTNAME]/saml/callback?org_slug=default

In the SAML2 config use the following settings JSON:

{
  "mappings": {
    "given_name": "FirstName",
    "family_name": "LastName"
  },
  "passthroughClaimsWithNoMapping": false,
  "includeAttributeNameFormat": false
}

Within Redash, use the following config:
SAML Metadata URL: https://[YOUR_TENANT_HOSTNAME]/samlp/metadata/[CONNECTION_ID]
SAML Entity ID: urn:auth0:[YOUR_TENANT_NAME]:[CONNECTION_NAME]
SAML NameID Format: EmailAddress

arikfr · March 28, 2019, 7:37am

Thank you for sharing this!

adfineberg · October 26, 2021, 2:00pm

Hi! Thanks a lot for this information, I had to tweak this a bit as we don’t have an identity provider connection in Auth0, so we don’t have given_name or family_name for the mappings. I had to give it 2 other string variables it has. It isn’t the cleanest, but I used:

"mappings": {
    "nickname": "FirstName",
    "name": "LastName"
},

Also, the SAML NameID Format that worked for me was Email.

jesse · October 26, 2021, 3:45pm

Thanks for this! Hoping to improve our SAML implementation and docs as well so this doesn’t need to be as cryptic

adfineberg · January 19, 2022, 4:24pm

Hey,
Came back to this after a bit, and I noticed that with the Auth0 users all have the id given by Auth0 as their email. Strings that look like auth0|12345678123456. The problem is that when I try to add users to different groups, the UI requires an email containing a @ sign.
I can work around this and set it directly in the DB, but it’s very inconvenient.

What am I missing? I’ve been trying to change the SAML NameID Format without any luck.

Thanks!

jesse · January 19, 2022, 8:26pm

Yeah that doesn’t sound convenient at all -.-

I don’t think this requires a change in Redash. The problem is Auth0 is providing their uid instead of an Email address. I don’t think changing the SAML NameID Format will fix it. You need to instead update your mappings in Auth0 so that a user’s email address is supplied to the NameID field when the user is created.

Eyf_Gy · May 22, 2022, 10:08am

Hello,
For that I found a solution:
you need to put in SAML settings the array of “nameIdentifierProbes” like this =>

{
  "mappings": {
    "nickname": "FirstName",
    "name": "LastName"
  },
  "passthroughClaimsWithNoMapping": false,
  "includeAttributeNameFormat": false,
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

By default this array include the user_id in first position

▼Categories

▼Tags

Auth0 integration