Comments (2)
This is the right behavior, actually. What the SDK is doing is expected for any OIDC/OAuth2 client: making sure that the response and its ID token match an authentication request initiated by the app from the same browser.
While Auth0 tries to make a direct SAML-to-OIDC protocol translation, the reality is that OIDC does not have the concept of IdP-initiated flows, and thus any good OIDC SDK that makes the proper validations will reject the response (this is briefly explained at https://auth0.com/docs/protocols/saml/idp-initiated-sso#on-idp-initiated-flows-and-openid-connect).
An alternative flow, if the SAML identity provider supports it, would be to link to your app's login endpoint directly (many IdPs now support this). The panel in the IdP would link to something like https://yourapp.com/login, where your app can initiate the authentication (and then the flow would work fine).
You can add a query string parameter in the request to your app's login endpoint (e.g. https://yourapp.com/login?connection=connection_name) so that the IdP can identify itself. Your app, in turn, should use the connection parameter when redirecting to Auth0's authorize endpoint (e.g. https://login.molecule.io/authorize?[...]&connection=the_connection_name). By including the connection name in the authorization request, Auth0 can send the user directly to the identity provider (without showing the Auth0 hosted login page), and thus the user will get single sign-on.
from omniauth-auth0.
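As an added example (not code from this thread or from omniauth-auth0), a plain-Ruby sketch of the app-initiated login endpoint described in the comment above: the IdP links to /login?connection=..., the app checks the name against the connections it knows, binds a state and nonce to the browser session, and redirects to /authorize with `connection` set so the SDK's later state check can succeed. The Auth0 domain, client id, redirect URI, connection names and session keys are placeholders.

```ruby
require "uri"
require "securerandom"

# Placeholder values (assumptions for this example, not taken from the thread).
AUTH0_DOMAIN = "example.auth0.com"
CLIENT_ID    = "YOUR_CLIENT_ID"
REDIRECT_URI = "https://yourapp.com/auth/auth0/callback"
ALLOWED_CONNECTIONS = %w[acme-saml contoso-saml].freeze

# Build the /authorize request. `connection` sends the user straight to that
# IdP; `state` is bound to this browser session so the callback can be matched
# to a request the app started (the check behind "csrf detected"), and `nonce`
# ties the returned ID token to the same request.
def build_authorize_url(connection:, state:, nonce:)
  query = {
    "response_type" => "code",
    "client_id"     => CLIENT_ID,
    "redirect_uri"  => REDIRECT_URI,
    "scope"         => "openid profile email",
    "connection"    => connection,
    "state"         => state,
    "nonce"         => nonce,
  }
  URI::HTTPS.build(host: AUTH0_DOMAIN, path: "/authorize",
                   query: URI.encode_www_form(query)).to_s
end

# Handler for GET /login?connection=<name>. `session` stands in for the
# framework's session store. Only connections the app expects are accepted,
# so the parameter is never passed through to Auth0 unchecked.
def login_redirect(params, session)
  connection = params["connection"]
  unless connection && ALLOWED_CONNECTIONS.include?(connection)
    return [400, "unknown connection"]
  end
  session["login_state"] = SecureRandom.hex(24)
  session["login_nonce"] = SecureRandom.hex(24)
  url = build_authorize_url(connection: connection,
                            state: session["login_state"],
                            nonce: session["login_nonce"])
  [302, url]
end

# The callback side of the same check: a response whose state does not match
# the session (an IdP-initiated response has none) is rejected.
def state_matches?(params, session)
  expected = session["login_state"]
  !expected.nil? && params["state"] == expected
end
```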
Hey @nicosabena, I'm wondering if this same issue that I'm having is related to this issue. It's a bit strange so I'm wondering if this is the same.
We have a client who gets redirected to their IdP login page from our Auth0 hosted login page. After they log in, our application either says "Idp not enabled" when we have IdP disabled or "csrf detected" when we toggle IdP on.
Any information is appreciated on this :)!
from omniauth-auth0.