I am looking for ways to integrate Redash with Auth0. Anyone with relevant experience or ideas, please comment on this thread.

TIA
Chiddu

1 Like

Auth0 supports SAML, no?

Yes it does. Configured Redash for SAML as per this document. Added two parameters to the .env file:
REDASH_SAML_METADATA_URL and REDASH_SAML_CALLBACK_SERVER_NAME

However, the Redash server seems to take outrage at the fact that the tag saml:AudienceRestriction is empty.

I meant the tag AudienceRestriction

We managed to get this working - you will need to use the following configuration within Auth0:

  • Create a traditional webapp
  • Under add-ons, enable SAML2
  • In the SAML2 config use the following callback URL:
https://[YOUR_REDASH_HOSTNAME]/saml/callback?org_slug=default
  • In the SAML2 config use the following settings JSON:
{
  "mappings": {
    "given_name": "FirstName",
    "family_name": "LastName"
  },
  "passthroughClaimsWithNoMapping": false,
  "includeAttributeNameFormat": false
}

Within Redash, use the following config:
SAML Metadata URL: https://[YOUR_TENANT_HOSTNAME]/samlp/metadata/[CONNECTION_ID]
SAML Entity ID: urn:auth0:[YOUR_TENANT_NAME]:[CONNECTION_NAME]
SAML NameID Format: EmailAddress

2 Likes

Thank you for sharing this!

1 Like

Hi! Thanks a lot for this information, I had to tweak this a bit as we don’t have an identity provider connection in Auth0, so we don’t have given_name or family_name for the mappings. I had to give it 2 other string variables it has. It isn’t the cleanest, but I used:

"mappings": {
    "nickname": "FirstName",
    "name": "LastName"
},

Also, the SAML NameID Format that worked for me was Email.

2 Likes

Thanks for this! Hoping to improve our SAML implementation and docs as well so this doesn’t need to be as cryptic :confused:

1 Like

Hey,
Came back to this after a bit, and I noticed that with Auth0, users all have the id given by Auth0 as their email: strings that look like auth0|12345678123456. The problem is that when I try to add users to different groups, the UI requires an email containing an @ sign.
I can work around this and set it directly in the DB, but it’s very inconvenient.

What am I missing? I’ve been trying to change the SAML NameID Format without any luck.

Thanks!

Yeah that doesn’t sound convenient at all -.-

I don’t think this requires a change in Redash. The problem is Auth0 is providing their uid instead of an Email address. I don’t think changing the SAML NameID Format will fix it. You need to instead update your mappings in Auth0 so that a user’s email address is supplied to the NameID field when the user is created.

Hello,
I found a solution for that:
you need to put the “nameIdentifierProbes” array in the SAML settings, like this =>

{
  "mappings": {
    "nickname": "FirstName",
    "name": "LastName"
  },
  "passthroughClaimsWithNoMapping": false,
  "includeAttributeNameFormat": false,
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

By default, this array includes the user_id in the first position.

1 Like
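
Added example, not part of any post in this thread and not Redash or Auth0 code: a small diagnostic that reads a decoded SAML assertion and reports the three problems discussed above (a NameID that is not an email address, an empty AudienceRestriction, and missing FirstName/LastName attributes). The sample assertions, the audience value and the function names are constructed for illustration, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def check_assertion(xml_text, required_attrs=("FirstName", "LastName")):
    """Return a list of problems found in a decoded SAML assertion.

    Diagnostic only: the signature is not verified, so never use this
    to decide whether an assertion can be trusted.
    """
    root = ET.fromstring(xml_text)
    # Accept a bare <saml:Assertion> or one wrapped in a <samlp:Response>.
    is_assertion = root.tag.endswith("}Assertion")
    assertion = root if is_assertion else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element found"]
    problems = []
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an email address")
    path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
    if not any((a.text or "").strip() for a in assertion.findall(path, NS)):
        problems.append("AudienceRestriction is missing or empty")
    present = {
        a.get("Name")
        for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
        if a.findtext("saml:AttributeValue", "", NS).strip()
    }
    for attr in required_attrs:
        if attr not in present:
            problems.append(f"attribute {attr} is missing or empty")
    return problems


def sample(name_id, audience):
    """Build a constructed assertion (not captured traffic)."""
    aud = f"<saml:Audience>{audience}</saml:Audience>" if audience else ""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>{aud}</saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


if __name__ == "__main__":
    print(check_assertion(sample("auth0|12345678123456", "")))
    print(check_assertion(sample("ada@example.com", "urn:example:redash")))
```
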