SAML SSO with Auth0
Step-by-step guide to integrate Faraday's SAML SSO with Auth0.
Prerequisites: Faraday commercial edition, Auth0 account with admin access. See SAML for general SAML configuration reference.
Configuration Summary
| Auth0 Setting | Value |
|---|---|
| Application Callback URL | https://<domain>/_api/saml/acs |
| Application Login URI | https://<domain>/_api/saml/login |
| Allowed Logout URLs | https://<domain>/_api/saml/logout |
| Allowed Web Origins | https://<domain>/ |
| Allowed Origins (CORS) | https://<domain>/ |

| Faraday Setting | Auth0 Source |
|---|---|
| Identity ID | Auth0 SAML addon → Usage tab → Issuer |
| SSO URL | Auth0 SAML addon → Usage tab → Identity Provider Login URL |
| IdP Certificate | Auth0 SAML addon → Usage tab → Identity Provider Certificate (download) |
Replace <domain> with your Faraday server's FQDN throughout.
Step-by-Step Setup
Step 1 — Create an Auth0 Application
- Navigate to Auth0 and sign in with your admin account.
- In the left menu, go to Applications → Applications.
- Click Create Application.
- Enter a name for the application (e.g., "Faraday").
- Optionally choose an application type.
- Click Create.
Step 2 — Enable the SAML Addon
- On your new application page, go to the Addons tab.
- Turn on the SAML2 WEB APP addon.
- The addon configuration page will appear.
Step 3 — Copy IdP Credentials
- Click the Usage tab in the SAML addon configuration.
- Copy the following values for Faraday configuration:

| Auth0 Field | Faraday Setting |
|---|---|
| Issuer | identity_id (Identity ID) |
| Identity Provider Login URL | sso_url (SSO URL) |
| Identity Provider Certificate | idp_certificate (IdP Certificate — download the file) |

Step 4 — Configure the Callback URL
- Click the Settings tab in the SAML addon configuration.
- Enter the Application Callback URL: https://<domain>/_api/saml/acs
- Click Save.
Step 5 — Configure Application URIs
- Back on your application page, go to the main Settings tab.
- Scroll down to the Application URIs section.
- Fill in the following:

| Field | Value |
|---|---|
| Application Login URI | https://<domain>/_api/saml/login |
| Allowed Logout URLs | https://<domain>/_api/saml/logout |
| Allowed Web Origins | https://<domain>/ |
| Allowed Origins (CORS) | https://<domain>/ |

- Scroll to the bottom and click Save Changes.
Step 6 — Generate SP Certificates
On your Faraday server, generate the Service Provider certificate pair:
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 1825 -out certificate.pem
- certificate.pem → SP Certificate in Faraday settings
- key.pem → SP Private Key in Faraday settings
Step 7 — Configure Faraday
Apply the settings via CLI:
faraday-manage settings -a update saml
Fill in the prompts:
| Prompt | Value |
|---|---|
| enabled | True |
| display_name | Auth0 (or your preferred label) |
| user_role | pentester (recommended default) |
| admin_group | (optional — Auth0 role/group name for admin mapping) |
| attribute_identifier | email (or the attribute Auth0 sends as the username) |
| sso_url | Identity Provider Login URL from Step 3 |
| sp_certificate | Contents of certificate.pem |
| sp_private_key | Contents of key.pem |
| idp_certificate | Contents of downloaded IdP certificate from Step 3 |

Alternatively, configure via the Web UI at Preferences → Authentication → SAML.
Step 8 — Restart Faraday
systemctl restart faraday-server
Step 9 — Test the Integration
- Open the Faraday login page.
- Click the SSO button labeled with your display_name.
- Authenticate at Auth0.
- Verify you are redirected back to Faraday with an active session.
Attribute Mapping
Auth0 sends SAML assertions containing user attributes. The
attribute_identifier setting tells Faraday which attribute to use as the
username.
Common Auth0 attributes:
| Auth0 Attribute | Description | Use as attribute_identifier |
|---|---|---|
| email | User's email address | Recommended |
| name | Full name | Less common |
| nickname | Auth0 nickname | Avoid (may not be unique) |

To customize attributes in the SAML assertion, edit the Settings tab of
the SAML2 WEB APP addon and modify the mappings object in the JSON
configuration.
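
One way to check a captured login against the settings above before editing the mappings object (an added example, not Faraday or Auth0 code). It assumes Faraday compares attribute_identifier with the SAML Attribute Name; faraday.example.com, the function name and the sample response are constructed for illustration, and the sample gives the email attribute a URI-style name to show the mismatch case.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://faraday.example.com/_api/saml/acs"  # placeholder FQDN
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# Constructed sample response for this example, not a capture from a real tenant.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">
 <saml:Assertion><saml:Subject>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="{EMAIL_CLAIM}">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="nickname">
    <saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def inspect_saml_response(b64_response, attribute_identifier, acs_url):
    """Report how a captured SAMLResponse lines up with the Faraday SAML settings.
    Inspection only: signature, issuer and validity window are NOT checked here."""
    xml_bytes = base64.b64decode(b64_response)
    # Cheap guard: a SAML response has no reason to declare a DTD or entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations do not belong in a SAML response")
    root = ET.fromstring(xml_bytes)
    # Assumption: attribute_identifier is matched against the Attribute Name.
    attributes = {
        a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
        for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
    }
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    values = attributes.get(attribute_identifier, [])
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Response Destination does not match the ACS URL")
    if acs_url not in recipients:
        problems.append("no SubjectConfirmationData Recipient matches the ACS URL")
    if len(values) != 1 or not values[0].strip():
        problems.append(f"{attribute_identifier!r} needs exactly one non-empty value; "
                        f"attribute names present: {sorted(attributes)}")
    return {"username": values[0] if not problems else None,
            "attributes": attributes, "problems": problems}

if __name__ == "__main__":
    for ident in ("email", EMAIL_CLAIM):
        print(ident, "->", inspect_saml_response(SAMPLE_B64, ident, ACS_URL)["problems"])
```

To run it on a real login, pass the base64 SAMLResponse form field that the browser posts to /_api/saml/acs, as shown in the browser's network tools.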