AuthHub - Auth0 SAML application claim rules

Article ID: 380865

Products

CloudHealth

Issue/Introduction

Under Auth0 it is possible to configure a SAML application that points to CloudHealth, with Auth0 acting as the IDP.

Please follow this guide to configure the email, name, and roles claims for an Auth0 SAML app.

Resolution

To configure the claim rules, ACS URL and Entity ID, please follow these steps:

  1. Go to Dashboard > Applications > Applications and either create a new application or click the name of an application to update.

  2. Within the application you created, navigate to the Addons tab and enable the SAML2 Web App toggle.

  3. Under the Settings tab, set the Application Callback URL to: https://access.broadcom.com/default/saml/v1/sp/acs?sp=53359bda-9a9c-4264-a114-9a246544c372

  4. In the Settings section underneath, populate the following:

    {
      "audience": "https://access.broadcom.com/default",
      "mappings": {
        "email": "email",
        "name": "name"
      },
      "mapUnknownClaimsAsIs": true
    }

  5. Navigate to User Management -> Users, select the users you wish to allow access to CloudHealth, and populate the following under the App Metadata section of the Details tab:

    {
      "roles": "<IDP Name of CloudHealth role>"
    }


    If you are using Classic Roles, the IDP name for your role can be found via https://docs.vmware.com/en/VMware-Tanzu-CloudHealth/SaaS/using-and-managing-vmware-tanzu-cloudhealth/GUID-managing-classic-organizations-if-applicable.html#configure-idp-with-roles-15 -> Custom Roles.


    If you are using FlexOrgs, this can be any value you choose, but it must be assigned as the SSO Key / Value pair on the Usergroup you wish to map the user to.

  6. Complete the setup within CloudHealth by providing the Entity ID under Issuer, along with the Sign In Endpoint and Signing Certificate configured for the application.
</gml_replace>
<gr_replace lines="64-68" cat="clarify" orig="These values">
    These values can be pulled from Dashboard > Applications > Applications -> Find your SAML app -> Addons tab -> SAML 2 Web App -> Usage.

    - Issuer aligns with the Issuer field.
    - Identity Provider Certificate -> Download the certificate and pull out the X.509 certificate value with the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- portions. Copy this into the Signing Certificate section.
    - Identity Provider Login URL -> Copy this value into the Sign In Endpoint section.

    These values can be pulled from Dashboard > Applications > Applications -> Find your SAML app -> Addons tab -> SAML 2 Web App -> Usage. 

     -Issuer aligns with the Issuer field. 
    - Identity Provider Certificate -> Download the Certificate and pull out the X.509 Cert value with the ----Begin Certificate---- and ---End Certificate---- portions. Copy this to the Signing Certificate section.
    - Identity Provider Login URL copy this value into the Sign In Endpoint section.
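The most error-prone part of step 6 is pasting the Signing Certificate: a downloaded file often carries Windows line endings, stray whitespace or a truncated base64 body, and a broken certificate means CloudHealth cannot validate the assertion signature. The helper below is an added example, not code from Auth0, Broadcom or CloudHealth. It extracts the first CERTIFICATE block from the downloaded text, strips all whitespace, confirms the base64 decodes to DER (which must start with a SEQUENCE tag, 0x30), re-wraps it as a clean PEM block, and computes a SHA-256 fingerprint you can compare against what the IDP actually serves. The sample input is constructed: its body is the base64 of a five-byte DER SEQUENCE, not a real certificate, so the example runs offline.

```python
import base64
import hashlib
import re

# Constructed stand-in for the file downloaded from the Auth0 "Usage" tab.
# The body is NOT a real certificate: it is the base64 of a tiny DER
# SEQUENCE { INTEGER 1 } so the example runs offline. Windows line endings
# and trailing spaces are included on purpose, because that is what a pasted
# value often carries.
SAMPLE_DOWNLOAD = (
    "-----BEGIN CERTIFICATE-----  \r\n"
    "MAMCAQE=\r\n"
    "-----END CERTIFICATE-----\r\n"
)

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def extract_cert_body(pem_text: str) -> str:
    """Return the base64 body of the first CERTIFICATE block with every
    whitespace character removed. Raises ValueError if the markers are absent,
    which usually means the wrong file (e.g. metadata XML) was downloaded."""
    match = PEM_BLOCK.search(pem_text)
    if not match:
        raise ValueError("no -----BEGIN CERTIFICATE----- block found")
    return re.sub(r"\s+", "", match.group(1))


def decode_der(body: str) -> bytes:
    """Strictly base64-decode the body and check it looks like DER.
    validate=True rejects characters that are not part of the alphabet, so a
    corrupted paste fails here rather than inside CloudHealth."""
    der = base64.b64decode(body, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("decoded bytes do not start with a DER SEQUENCE tag")
    return der


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256 fingerprint of the DER bytes, in the
    same layout that openssl x509 -fingerprint -sha256 prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_pem(body: str) -> str:
    """Re-wrap the body at 64 columns between standard PEM markers with
    Unix line endings, which is the form to paste into Signing Certificate."""
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return (
        "-----BEGIN CERTIFICATE-----\n"
        + "\n".join(lines)
        + "\n-----END CERTIFICATE-----\n"
    )


def prepare_signing_certificate(pem_text: str) -> dict:
    """Run all checks and return the cleaned PEM, the bare body, the DER
    length and the fingerprint so they can be logged with the change."""
    body = extract_cert_body(pem_text)
    der = decode_der(body)
    return {
        "pem": normalize_pem(body),
        "body": body,
        "der_length": len(der),
        "sha256": sha256_fingerprint(der),
    }


if __name__ == "__main__":
    result = prepare_signing_certificate(SAMPLE_DOWNLOAD)
    print(result["pem"])
    print("SHA-256:", result["sha256"])
```

Run the script against the real download instead of SAMPLE_DOWNLOAD and paste the printed PEM block into the Signing Certificate field. The fingerprint should match `openssl x509 -noout -fingerprint -sha256 -in <downloaded file>`; if it does not, the wrong certificate was copied. Keep the fingerprint with the change record so the value can be re-checked when Auth0 rotates the signing key.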