User tags not updated after SAML request

Forum|Forum|1 year ago
May 7, 2024
0 replies
0 views

Abbie11

We are trying to integrate Zendesk with Auth0 for customer SSO.

We are attempting to get user tags to sync from our Auth0 instance to Zendesk. We set the tags in Auth0 through App Metadata and we see the tag “customer” gets sent through the SAML request after user login (copied below). However, we never see the tags get added to the user profile.

This is the code we use in Auth0 to set the attribute:

api.samlResponse.setAttribute(
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/tags',
event.user.app_metadata.tags
);

We know that the attribute is sent successfully because we see below what Zendesk receives and we see tags inside the response (lines 91-95):

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_5a41efaa9aae0cb3580d" InResponseTo="samlr-199cee07-2e5a-49b7-8da0-31c8ec167cab" Version="2.0" IssueInstant="2024-05-07T15:41:41.245Z" Destination="https://parsebiosciences1710795619.zendesk.com/access/saml">
2    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
3        urn:dev-l6a1orosq8unhemk.us.auth0.com
4    </saml:Issuer>
5    <samlp:Status>
6        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
7    </samlp:Status>
8    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_7ZF6LzF5r4X8Yjp30lMd6adskCfzszlS" IssueInstant="2024-05-07T15:41:41.229Z">
9        <saml:Issuer>
10            urn:dev-l6a1orosq8unhemk.us.auth0.com
11        </saml:Issuer>
12        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
13            <SignedInfo>
14                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
15                <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
16                <Reference URI="#_7ZF6LzF5r4X8Yjp30lMd6adskCfzszlS">
17                    <Transforms>
18                        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
19                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
20                    </Transforms>
21                    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
22                    <DigestValue>
23                        opjKrX+knmoRSTdJEmfIk7LvZlLbLzrk1VE3gz/uQ7E=
24                    </DigestValue>
25                </Reference>
26            </SignedInfo>
27            <SignatureValue>
28                b22trBE8QqhE6pxNCMDqR7H0Pwr9b0NkeWMRb597ucd1RLjLj/9o2LLYtGr0JVJImUzi1vdgDVBb9UKwcABDBLKLF8iSjSbpzRww2KMvFxxrLQDGSzjZElqwgsvVD/ZstkV2J/Xzbc3HyQEHXZ7nTBFHScz+rr6ixntd3Mjjmyd2aq4eTeDXwthHPa0REhPkW40wYqXqlYUUqoliFg6+/SvW1Fv8HT545OpiIq9wCyDaXzr3SKH8sx+l5F4JyPVnyJ5iRqb0TVFtzoeoxT4ZejVcdp5LPrU11xWM6c1LKLqP+FuJaPKdpKS6yBpBMaQwD+blVqxtkioBFeIXMlzVfw==
29            </SignatureValue>
30            <KeyInfo>
31                <X509Data>
32                    <X509Certificate>
33                        MIIDHTCCAgWgAwIBAgIJSRJuA7KHr7IwMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMTIWRldi1sNmExb3Jvc3E4dW5oZW1rLnVzLmF1dGgwLmNvbTAeFw0yNDAyMTQxNjM0NDBaFw0zNzEwMjMxNjM0NDBaMCwxKjAoBgNVBAMTIWRldi1sNmExb3Jvc3E4dW5oZW1rLnVzLmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqpJCY4bAsuMKY1x/zpryevq3xLt7UZe9xefNS3y+QbjZlbSCplwEw9C7tT7tUlz1AwJPukHIvnKfac3zjWq2D5ZNPZ5remETLCrN4IRg1jxI1zF8gaNsbnPZJBKPyeKi7NRW1NfW80gyJ3zHell+s0mCrGxOK5TxylCIVKoNBEzNOzYr8/4WSBlJjjk3oEkzuU0nd1GULF6TQ8Q8Lt00xlx/dr63NgjmQ2aljF4psmxsvGwWheeYJH1EzJT5flvMVzDftmhAYhipqW7fkO97Rp/bAFGvL11mQJnJ4LEnnpT1ok4jHDOC701NEht8DnFQsKIBCIt1tHOYjb9P5EhA0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUXfFbcoYMLOT7M1wP8FhF0zp0oAowDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3DQEBCwUAA4IBAQBvfaPId32owebkd36gaxwyL257HGL92T98x9vLsY78X4GUmD4pqt0BadqOlACH/njEbRvg1XF/sr/DxyGkOvDmYWQGyZPQsQpg/UQO6uTPEjzzxF56NS3s86c82MXED3Ng+RdVMj2VzVE9YapVLAgIAiB6UdbKvFraFS3JMVtDKIGSAWHUjzcF1CZKL+toORBGyEDZGBXbQ2/AwYdlsBHSxq4r26XCnR9FiglCd4Xl67jBNYcdv7UwJh1pZ22+mqcbop+MVthKPM01cftqgdgcQ2EA0o/rfTDm6z3Mx9bWmdYUfyfYj/qM5V0C1BhIqGbQfN8LzFIK7bbIvKbnzdcy
34                    </X509Certificate>
35                </X509Data>
36            </KeyInfo>
37        </Signature>
38        <saml:Subject>
39            <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
40                abigailcwise+1@gmail.com
41            </saml:NameID>
42            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
43                <saml:SubjectConfirmationData NotOnOrAfter="2024-05-07T16:41:41.229Z" Recipient="https://parsebiosciences1710795619.zendesk.com/access/saml" InResponseTo="samlr-199cee07-2e5a-49b7-8da0-31c8ec167cab"/>
44            </saml:SubjectConfirmation>
45        </saml:Subject>
46        <saml:Conditions NotBefore="2024-05-07T15:41:41.229Z" NotOnOrAfter="2024-05-07T16:41:41.229Z">
47            <saml:AudienceRestriction>
48                <saml:Audience>
49                    parsebiosciences1710795619.zendesk.com
50                </saml:Audience>
51            </saml:AudienceRestriction>
52        </saml:Conditions>
53        <saml:AuthnStatement AuthnInstant="2024-05-07T15:41:41.229Z" SessionIndex="_KiLMApZpQP-HnLm5ePLs2JMrbR6ww67j">
54            <saml:AuthnContext>
55                <saml:AuthnContextClassRef>
56                    urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
57                </saml:AuthnContextClassRef>
58            </saml:AuthnContext>
59        </saml:AuthnStatement>
60        <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
61            <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
62                <saml:AttributeValue xsi:type="xs:anyType">
63                    abigailcwise+1@gmail.com
64                </saml:AttributeValue>
65            </saml:Attribute>
66            <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
67                <saml:AttributeValue xsi:type="xs:anyType">
68                    abigailcwise+1@gmail.com
69                </saml:AttributeValue>
70            </saml:Attribute>
71            <saml:Attribute Name="http://schemas.auth0.com/identities/default/connection">
72                <saml:AttributeValue xsi:type="xs:anyType">
73                    Username-Password-Authentication
74                </saml:AttributeValue>
75            </saml:Attribute>
76            <saml:Attribute Name="http://schemas.auth0.com/identities/default/provider">
77                <saml:AttributeValue xsi:type="xs:anyType">
78                    auth0
79                </saml:AttributeValue>
80            </saml:Attribute>
81            <saml:Attribute Name="http://schemas.auth0.com/identities/default/user_id">
82                <saml:AttributeValue xsi:type="xs:anyType">
83                    660df5be09e3ce662ee6adaa
84                </saml:AttributeValue>
85            </saml:Attribute>
86            <saml:Attribute Name="http://schemas.auth0.com/identities/default/isSocial">
87                <saml:AttributeValue xsi:type="xs:anyType">
88                    false
89                </saml:AttributeValue>
90            </saml:Attribute>
91            <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/tags">
92                <saml:AttributeValue xsi:type="xs:anyType">
93                    customer
94                </saml:AttributeValue>
95            </saml:Attribute>
96        </saml:AttributeStatement>
97    </saml:Assertion>
98</samlp:Response>

Can you please help us determine why Zendesk doesn't save the tags attribute to the user? Is there a different field that we need to set, instead of tags?

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded