Skip to content

feat: SAML #1192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 50 commits into
base: 11.2
Choose a base branch
from
Open

feat: SAML #1192

wants to merge 50 commits into from

Conversation

@sattvikc
Copy link
Collaborator

@sattvikc sattvikc commented Oct 13, 2025

Summary of change

(A few sentences about this PR)

Related issues

  • Link to issue1 here
  • Link to issue1 here

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your
changes work. Bonus points for screenshots and videos!)

Documentation changes

(If relevant, please create a PR in our docs repo, or create a checklist here
highlighting the necessary changes)

Checklist for important updates

  • Changelog has been updated
    • If there are any db schema changes, mention those changes clearly
  • coreDriverInterfaceSupported.json file has been updated (if needed)
  • pluginInterfaceSupported.json file has been updated (if needed)
  • Changes to the version if needed
    • In build.gradle
  • If added a new paid feature, edit the getPaidFeatureStats function in FeatureFlag.java file
  • Had installed and ran the pre-commit hook
  • If there are new dependencies that have been added in build.gradle, please make sure to add them
    in implementationDependencies.json.
  • Update function getValidFields in io/supertokens/config/CoreConfig.java if new aliases were added for any core
    config (similar to the access_token_signing_key_update_interval config alias).
  • Issue this PR against the latest non released version branch.
    • To know which one it is, run find the latest released tag (git tag) in the format vX.Y.Z, and then find the
      latest branch (git branch --all) whose X.Y is greater than the latest released tag.
    • If no such branch exists, then create one from the latest released branch.
  • If added a foreign key constraint on app_id_to_user_id table, make sure to delete from this table when deleting
    the user as well if deleteUserIdMappingToo is false.
  • If added a new recipe, then make sure to update the bulk import API to include the new recipe.

Remaining TODOs for this PR

  • Item1
  • Item2

@sattvikc
fix: outline
b252276
@sattvikc
fix: login redirect impl
5b417ba
@sattvikc
fix: handle SAML callback
ac34056
@sattvikc
fix: saml cert management
fccac84
@sattvikc
fix: authn request signing
4687aab
@sattvikc
fix: working login for azure
3ba6f01
@sattvikc
fix: save idp entity id
d886810
@sattvikc
fix: use client id from relay state info
faf51af
@sattvikc
fix: create or update saml client
6ddd9b6
@sattvikc
fix: generate clientId
b12325b
@sattvikc
fix: list SAML Clients
6ae7118
@sattvikc
fix: remove saml client
dac3293
@sattvikc
fix: saml callback and token
ea53cc0
@sattvikc
fix: idp flow
86553f6
@sattvikc
fix: remove unnecessary logging
f6e0870
@sattvikc
fix: apis to work like boxy
f93b4e4
@sattvikc
fix: add support for legacy SAML ACS URL and enhance SAML client mana…
75b4ae7 
…gement
@sattvikc
fix: enforce public tenant in legacy APIs
37910ff
@sattvikc
fix: client secret checking in legacy API
eaf3600
@sattvikc
fix: cronjob to cleanup saml codes
4c384c0
@sattvikc
fix: tests
cffb56d
@sattvikc
fix: version update
30cbf80
@sattvikc sattvikc self-assigned this Oct 13, 2025
sattvikc
sattvikc commented Oct 15, 2025
View reviewed changes
src/main/java/io/supertokens/webserver/api/saml/CreateOrUpdateSamlClientAPI.java Outdated
try {
SAMLClient client = SAML.createOrUpdateSAMLClient(
getTenantIdentifier(req), getTenantStorage(req),
clientId, clientSecret, spEntityId, defaultRedirectURI, redirectURIs, metadataXML, metadataURL, allowIDPInitiatedLogin);
Copy link
Collaborator Author

@sattvikc sattvikc Oct 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove URL, and make metadataURL call in node SDK

sattvikc
sattvikc commented Oct 15, 2025
View reviewed changes
src/main/java/io/supertokens/saml/SAML.java
}

// Check NotOnOrAfter
if (assertion.getConditions() != null && assertion.getConditions().getNotOnOrAfter() != null) {
Copy link
Collaborator Author

@sattvikc sattvikc Oct 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see what can be done for replay protection for IDP flow

sattvikc
sattvikc commented Oct 15, 2025
View reviewed changes
src/main/java/io/supertokens/saml/SAML.java

var claims = extractAllClaims(response);

String code = UUID.randomUUID().toString();
Copy link
Collaborator Author

@sattvikc sattvikc Oct 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need a default value for spEntityId (maybe in the Backend SDK)

@sattvikc sattvikc changed the base branch from 11.1 to 11.2 October 29, 2025 10:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@sattvikc sattvikc

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sattvikc