
const express = require('express');
const path = require('path');
const favicon = require('serve-favicon');
const logger = require('morgan');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const session = require('express-session');
const dotenv = require('dotenv');
const passport = require('passport');
const Auth0Strategy = require('passport-auth0');
// check every 15 minutes if the SSO session is still active
setInterval(function() {
// if the token is not in local storage, there is nothing to check (that is, the user is already logged out)
if (!localStorage.getItem('userToken')) return;
auth0.checkSession(function (err, data) {
if (err) {
// if we get here, it means there is no session on Auth0,
// then remove the token and redirect to #login
localStorage.removeItem('userToken');
window.location.href = '#login';
function (user, context, callback) {
var ManagementClient = require("[email protected]").ManagementClient;
var mgt = new ManagementClient({
domain: "{auth0 domain}",
clientId: "{client ID}",
clientSecret: "{Client secret}",
audience: "https://{auth0 domain}/api/v2/"
});
// Construct an Auth0 Management API client. clientId and clientSecret are
// empty placeholders here, and 'xxx.auth0.com' stands in for the tenant domain.
// NOTE(review): supply the client secret from configuration or a secret store
// at runtime rather than committing it as a literal in this file.
var managementClient = new ManagementClient({
clientId: '',
clientSecret: '',
domain: 'xxx.auth0.com',
// NOTE(review): presumably enables the SDK's retry of rate-limited requests — confirm against the node-auth0 docs.
retry: {
enabled : true
}
});
function (user, context, callback) {
// console.log(JSON.stringify(user));
// console.log(JSON.stringify(context));
const audience = context.request && context.request.body && context.request.body.audience ? context.request.body.audience : null;
console.log(audience);
if (audience === "API IDENTIFIER" ){
console.log("Checking client");
const whitelistClient = ["Client ID","Client ID"];
const isValidClient= whitelistClient.some(
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Sign In with Auth0</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
</head>
<body>
Tanver-Hasan / azure-ad-groups.js
Created May 9, 2019 09:14 — forked from nicosabena/azure-ad-groups.js
Auth0 rule to get user groups from Azure AD
// This rule will get the groups for users coming from Azure AD
// Auth0 already has the option to do that, but it (currently) won't work
// if the user is coming from a different directory than the directory
// where the app is registered (this can happen with multi-tenant apps).
// It uses the access_token provided by Azure AD, so this needs
// the 'Open ID Connect' protocol selected in the Azure AD connection.
//
// After the rule runs, you will have the 'groups' property in the user
// that you can use to add custom claims to the id_token.
//
Tanver-Hasan / README.md
Created May 2, 2019 16:36 — forked from sandrinodimattia/README.md
Upload custom signing certificate in Auth0 Generic SAML-P Connection

Upload custom signing certificate in Auth0 Generic SAML-P Connection

Get or generate a new signing certificate:

openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout saml.key -out saml.crt

Update the script and update the following settings:

Validating ID token
Audience : should be the client ID
Issuer : the Auth0 domain
Signing key : retrieve from JWKS
https://auth0.com/docs/tokens/guides/id-token/validate-id-token
Validating Access token