From 1a81459e28f44f9a64cc633991f227005cb5128a Mon Sep 17 00:00:00 2001
From: Deepak Prabhakara
Date: Tue, 30 Aug 2022 23:55:24 +0530
Subject: [PATCH] Fix SAML login (#4037)
* after first login the user is read from the db and hence we need to inspect the `emailVerified` attribute as well.
* fixed mapping documentation for SAML, the current mapping is not right and is causing confusion
---
 apps/web/docs/saml-setup.md | 8 ++++----
 apps/web/pages/api/auth/[...nextauth].tsx | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/apps/web/docs/saml-setup.md b/apps/web/docs/saml-setup.md
index aaf55207fd..26e7df3bcb 100644
--- a/apps/web/docs/saml-setup.md
+++ b/apps/web/docs/saml-setup.md
@@ -18,10 +18,10 @@ This guide explains the settings you need to use to configure SAML with your Ide
 **Mapping Attributes / Attribute Statements:**
-id -> user.id
+http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier -> id
-email -> user.email
+http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -> email
-firstName -> user.firstName
+http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname -> firstName
-lastName -> user.lastName
+http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname -> lastName
diff --git a/apps/web/pages/api/auth/[...nextauth].tsx b/apps/web/pages/api/auth/[...nextauth].tsx
index 28e81dfb15..64d618d9bd 100644
--- a/apps/web/pages/api/auth/[...nextauth].tsx
+++ b/apps/web/pages/api/auth/[...nextauth].tsx
@@ -328,7 +328,7 @@ export default NextAuth({
 if (account.provider === "saml") {
 idP = IdentityProvider.SAML;
 }
- user.email_verified = user.email_verified || profile.email_verified;
+ user.email_verified = user.email_verified || user.emailVerified || profile.email_verified;
 if (!user.email_verified) {
 return "/auth/error?error=unverified-email";
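Review bot: The added `user.emailVerified` operand lets the stored user record satisfy the unverified-email gate by itself, so a later SAML or OAuth sign-in passes even when the current IdP profile carries no `email_verified` claim. How the stored user is matched to the incoming identity is outside this hunk; if the lookup is by email address rather than by provider account, a verification recorded through a different provider or flow would be reused here, which is worth confirming and recording in a comment above the line, for example `// emailVerified is read from the DB row on repeat logins; profile.email_verified is only present on the IdP profile`. In the NextAuth adapter user model `emailVerified` is normally a timestamp rather than a boolean, so the assignment can leave a Date in `email_verified`; `user.email_verified = Boolean(user.email_verified || user.emailVerified || profile.email_verified);` keeps the flag a boolean for any later comparison. The enclosing callback starts and ends outside the hunk.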