From ac6c7bf0ca4aca5ea185d773fcc488cf5072bd41 Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Tue, 16 Sep 2025 18:48:12 +0530
Subject: [PATCH 01/16] fix: saml interfaces
---
 .../pluginInterface/StorageUtils.java | 8 +++
 .../pluginInterface/saml/SAMLClient.java | 55 +++++++++++++++++++
 .../pluginInterface/saml/SAMLStorage.java | 31 +++++++++++
 3 files changed, 94 insertions(+)
 create mode 100644 src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
 create mode 100644 src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
diff --git a/src/main/java/io/supertokens/pluginInterface/StorageUtils.java b/src/main/java/io/supertokens/pluginInterface/StorageUtils.java
index 0ec0ebdc..3a488c93 100644
--- a/src/main/java/io/supertokens/pluginInterface/StorageUtils.java
+++ b/src/main/java/io/supertokens/pluginInterface/StorageUtils.java
@@ -24,6 +24,7 @@
 import io.supertokens.pluginInterface.multitenancy.MultitenancyStorage;
 import io.supertokens.pluginInterface.oauth.OAuthStorage;
 import io.supertokens.pluginInterface.passwordless.sqlStorage.PasswordlessSQLStorage;
+import io.supertokens.pluginInterface.saml.SAMLStorage;
 import io.supertokens.pluginInterface.session.SessionStorage;
 import io.supertokens.pluginInterface.thirdparty.sqlStorage.ThirdPartySQLStorage;
 import io.supertokens.pluginInterface.totp.sqlStorage.TOTPSQLStorage;
@@ -159,4 +160,11 @@ public static WebAuthNSQLStorage getWebAuthNStorage(Storage storage) {
 }
 return (WebAuthNSQLStorage) storage;
 }
+
+ public static SAMLStorage getSAMLStorage(Storage storage) {
+ if (storage.getType() != STORAGE_TYPE.SQL) {
+ throw new UnsupportedOperationException("");
+ }
+ return (SAMLStorage) storage;
+ }
 }
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
new file mode 100644
index 00000000..3b49b6fb
--- /dev/null
+++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
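Review bot: The new `getSAMLStorage` throws `UnsupportedOperationException("")` with an empty message, so a deployment whose storage is not SQL fails without saying which recipe or storage type was rejected; `throw new UnsupportedOperationException("SAML storage requires an SQL storage, got " + storage.getType());` keeps the same exception type and gives the operator something to act on. If the sibling getters in this file use the empty string as well, it is worth fixing them together rather than adding one more. The enclosing class continues outside the hunk.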
@@ -0,0 +1,55 @@ +/* + * Copyright (c) 2025, VRAI Labs and/or its affiliates. All rights reserved. + * + * This software is licensed under the Apache License, Version 2.0 (the + * "License") as published by the Apache Software Foundation. + * + * You may not use this file except in compliance with the License. You may + * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + */ + +package io.supertokens.pluginInterface.saml; + +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonPrimitive; + +import java.util.List; + +public class SAMLClient { + public final String clientId; + public final String ssoLoginURL; + public final JsonArray redirectURIs; + public final String defaultRedirectURI; + public final String spEntityId; + + public SAMLClient(String clientId, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String spEntityId) { + this.clientId = clientId; + this.ssoLoginURL = ssoLoginURL; + this.redirectURIs = redirectURIs; + this.defaultRedirectURI = defaultRedirectURI; + this.spEntityId = spEntityId; + } + + public JsonObject toJson() { + JsonObject res = new JsonObject(); + + res.addProperty("clientId", this.clientId); + res.addProperty("defaultRedirectURI", this.defaultRedirectURI); + res.add("redirectURIs", redirectURIs); + + if (this.spEntityId != null) { + res.addProperty("spEntityId", spEntityId); + } + + return res; + } +} 
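Review bot: `toJson()` places the instance's own `redirectURIs` JsonArray into the result with `res.add("redirectURIs", redirectURIs)`, so a caller that edits the returned JsonObject silently edits the client's registered redirect list; if the Gson version in use provides it, `res.add("redirectURIs", redirectURIs.deepCopy());` removes the aliasing. `ssoLoginURL` is the one field never serialized while every other field is, and nothing says whether that omission is deliberate; a class comment stating what `toJson()` is for (an API response shape, presumably) and why `ssoLoginURL` is left out would stop the next contributor from "fixing" it.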
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java new file mode 100644 index 00000000..41dc5daf --- /dev/null +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2025, VRAI Labs and/or its affiliates. All rights reserved. + * + * This software is licensed under the Apache License, Version 2.0 (the + * "License") as published by the Apache Software Foundation. + * + * You may not use this file except in compliance with the License. You may + * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + */ + +package io.supertokens.pluginInterface.saml; + +import java.util.List; + +import io.supertokens.pluginInterface.exceptions.StorageQueryException; +import io.supertokens.pluginInterface.multitenancy.TenantIdentifier; +import io.supertokens.pluginInterface.nonAuthRecipe.NonAuthRecipeStorage; + +public interface SAMLStorage extends NonAuthRecipeStorage { + public SAMLClient createOrUpdateSAMLClient(TenantIdentifier tenantIdentifier, SAMLClient samlClient) throws StorageQueryException; + public void removeSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException; + public SAMLClient getSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException; + public List getSAMLClients(TenantIdentifier tenantIdentifier) throws StorageQueryException; +} From 5fe0422cd4766e6312b7cbb7f3c1fe7b09942dfe Mon Sep 17 00:00:00 2001 
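Review bot: `getSAMLClients` is declared with the raw type `List`, so every caller has to cast elements and suppress unchecked warnings; `public List<SAMLClient> getSAMLClients(TenantIdentifier tenantIdentifier) throws StorageQueryException;` is what the other four signatures imply. The same raw return is carried unchanged through the later hunks of this series (PATCH 06, 07 and 14), so fixing it here avoids touching them again. The `public` modifier on interface methods is redundant; worth checking what the sibling storage interfaces in this package do and matching them.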
From: Sattvik Chakravarthy Date: Wed, 17 Sep 2025 20:10:46 +0530 Subject: [PATCH 02/16] fix: relay state info --- .../saml/SAMLRelayStateInfo.java | 31 +++++++++++++++++++ .../pluginInterface/saml/SAMLStorage.java | 3 ++ 2 files changed, 34 insertions(+) create mode 100644 src/main/java/io/supertokens/pluginInterface/saml/SAMLRelayStateInfo.java diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLRelayStateInfo.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLRelayStateInfo.java new file mode 100644 index 00000000..2d90928e --- /dev/null +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLRelayStateInfo.java @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2025, VRAI Labs and/or its affiliates. All rights reserved. + * + * This software is licensed under the Apache License, Version 2.0 (the + * "License") as published by the Apache Software Foundation. + * + * You may not use this file except in compliance with the License. You may + * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ + +package io.supertokens.pluginInterface.saml; + +public class SAMLRelayStateInfo { + public final String relayState; + public final String clientId; + public final String state; + public final String redirectURI; + + public SAMLRelayStateInfo(String relayState, String clientId, String state, String redirectURI) { + this.relayState = relayState; + this.clientId = clientId; + this.state = state; + this.redirectURI = redirectURI; + } +} 
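Review bot: `SAMLRelayStateInfo` has four `String` fields whose names overlap (`relayState` versus `state`) and no Javadoc saying which is which, which is the kind of gap that leads an implementer to store or look up the wrong one. A class comment along the lines of `relayState` being the value the core generates and round-trips through the IdP, `state` the opaque value supplied by the application, and `redirectURI` the destination selected at login time would settle it; that reading is inferred from the names and should be confirmed against the core. It would also help to state that `redirectURI` is expected to have been checked against the client's `redirectURIs` before it is saved, since nothing in this record can re-verify it later.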
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
index 41dc5daf..3511c4e7 100644
--- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
+++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
@@ -28,4 +28,7 @@ public interface SAMLStorage extends NonAuthRecipeStorage {
 public void removeSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException;
 public SAMLClient getSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException;
 public List getSAMLClients(TenantIdentifier tenantIdentifier) throws StorageQueryException;
+
+ public void saveRelayStateInfo(TenantIdentifier tenantIdentifier, SAMLRelayStateInfo relayStateInfo) throws StorageQueryException;
+ public SAMLRelayStateInfo getRelayStateInfo(TenantIdentifier tenantIdentifier, String relayState) throws StorageQueryException;
 }
From 336776e6a165f04f34704fdda3622d51c56e6932 Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Tue, 23 Sep 2025 17:26:24 +0530
Subject: [PATCH 03/16] fix: interface updates
---
 .../pluginInterface/saml/SAMLClaimsInfo.java | 29 +++++++++++++++++++
 .../pluginInterface/saml/SAMLClient.java | 10 +++----
 .../pluginInterface/saml/SAMLStorage.java | 4 +++
 3 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 src/main/java/io/supertokens/pluginInterface/saml/SAMLClaimsInfo.java
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClaimsInfo.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClaimsInfo.java
new file mode 100644
index 00000000..0e489a09
--- /dev/null
+++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClaimsInfo.java
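Review bot: `getRelayStateInfo` does not say what happens for a relay state that was never saved, already consumed, or expired — a null return versus an exception — and that distinction is what the callback handler will rely on to reject responses it did not initiate. Suggested Javadoc: `@return the stored info for relayState, or null if no entry exists` (adjust if the implementation throws instead). `SAMLRelayStateInfo` carries no creation time, so if entries are meant to expire the interface should state that the implementation records the timestamp itself at save; PATCH 09 in this series adds `removeExpiredSAMLCodesAndRelayStates` on that unstated assumption.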
@@ -0,0 +1,29 @@ +/* + * Copyright (c) 2025, VRAI Labs and/or its affiliates. All rights reserved. + * + * This software is licensed under the Apache License, Version 2.0 (the + * "License") as published by the Apache Software Foundation. + * + * You may not use this file except in compliance with the License. You may + * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ + +package io.supertokens.pluginInterface.saml; + +import com.google.gson.JsonObject; + +public class SAMLClaimsInfo { + public final String clientId; + public final JsonObject claims; + + public SAMLClaimsInfo(String clientId, JsonObject claims) { + this.clientId = clientId; + this.claims = claims; + } +} diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java index 3b49b6fb..c903fdce 100644 --- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java @@ -18,11 +18,7 @@ package io.supertokens.pluginInterface.saml; import com.google.gson.JsonArray; -import com.google.gson.JsonElement; import com.google.gson.JsonObject; -import com.google.gson.JsonPrimitive; - -import java.util.List; public class SAMLClient { public final String clientId; 
@@ -30,13 +26,17 @@ public class SAMLClient { public final JsonArray redirectURIs; public final String defaultRedirectURI; public final String spEntityId; + public final String idpEntityId; + public final String idpSigningCertificate; - public SAMLClient(String clientId, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String spEntityId) { + public SAMLClient(String clientId, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String spEntityId, String idpEntityId, String idpSigningCertificate) { this.clientId = clientId; this.ssoLoginURL = ssoLoginURL; this.redirectURIs = redirectURIs; this.defaultRedirectURI = defaultRedirectURI; this.spEntityId = spEntityId; + this.idpEntityId = idpEntityId; + this.idpSigningCertificate = idpSigningCertificate; } public JsonObject toJson() { diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java index 3511c4e7..d46ffb91 100644 --- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java @@ -19,6 +19,7 @@ import java.util.List; +import com.google.gson.JsonObject; import io.supertokens.pluginInterface.exceptions.StorageQueryException; import io.supertokens.pluginInterface.multitenancy.TenantIdentifier; import io.supertokens.pluginInterface.nonAuthRecipe.NonAuthRecipeStorage; 
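Review bot: `idpSigningCertificate` is a bare `String` with no comment on its encoding, and since plugins for different databases must store and return it identically, the expected form (for example PEM-encoded X.509, with or without the BEGIN/END markers) needs to be written on the field; I cannot tell from this hunk which the core expects. The same applies to whether `idpEntityId` may be null at this point, since PATCH 04 later serializes it unconditionally. The constructor now has seven positional parameters, six of them `String`, so a transposed argument compiles silently; Javadoc listing them in order is the minimum.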
@@ -31,4 +32,7 @@ public interface SAMLStorage extends NonAuthRecipeStorage {
 
 public void saveRelayStateInfo(TenantIdentifier tenantIdentifier, SAMLRelayStateInfo relayStateInfo) throws StorageQueryException;
 public SAMLRelayStateInfo getRelayStateInfo(TenantIdentifier tenantIdentifier, String relayState) throws StorageQueryException;
+
+ public void saveSAMLClaims(TenantIdentifier tenantIdentifier, String clientId, String code, JsonObject claims);
+ public SAMLClaimsInfo getSAMLClaimsAndRemoveCode(TenantIdentifier tenantIdentifier, String code);
 }
From 7085a1f609d253aadeaa6798bd47badf555bf1b6 Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Thu, 25 Sep 2025 12:07:55 +0530
Subject: [PATCH 04/16] fix: client json
---
 .../io/supertokens/pluginInterface/saml/SAMLClient.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
index c903fdce..67fb9c97 100644
--- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
+++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
@@ -46,8 +46,10 @@ public JsonObject toJson() {
 res.addProperty("defaultRedirectURI", this.defaultRedirectURI);
 res.add("redirectURIs", redirectURIs);
 
- if (this.spEntityId != null) {
- res.addProperty("spEntityId", spEntityId);
+ res.addProperty("spEntityId", spEntityId);
+ res.addProperty("idpEntityId", this.idpEntityId);
+ if (this.idpSigningCertificate != null) {
+ res.addProperty("idpSigningCertificate", this.idpSigningCertificate);
 }
 
 return res;
From fe0aa732ab1a8384e3f96ed49ce0c02ce1b203e9 Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Fri, 26 Sep 2025 13:02:48 +0530
Subject: [PATCH 05/16] fix: allow idp initiated login
---
 .../java/io/supertokens/pluginInterface/saml/SAMLClient.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
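Review bot: `getSAMLClaimsAndRemoveCode` consumes the code on read, which is the right shape for a one-time code, but the contract for an unknown or already-consumed `code` is not stated, and the caller will use exactly that case to reject a replayed exchange. Suggested Javadoc: `@return the claims saved under code, or null if the code is unknown or was already exchanged` — confirm null-versus-exception against the implementation. The read-and-delete must be atomic so that two concurrent exchanges of the same code cannot both succeed; that requirement belongs in the interface comment because each database plugin implements it separately.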
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java index 67fb9c97..99a59eeb 100644 --- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java @@ -28,8 +28,9 @@ public class SAMLClient { public final String spEntityId; public final String idpEntityId; public final String idpSigningCertificate; + public final boolean allowIDPInitiatedLogin; - public SAMLClient(String clientId, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String spEntityId, String idpEntityId, String idpSigningCertificate) { + public SAMLClient(String clientId, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String spEntityId, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin) { this.clientId = clientId; this.ssoLoginURL = ssoLoginURL; this.redirectURIs = redirectURIs; @@ -37,6 +38,7 @@ public SAMLClient(String clientId, String ssoLoginURL, JsonArray redirectURIs, S this.spEntityId = spEntityId; this.idpEntityId = idpEntityId; this.idpSigningCertificate = idpSigningCertificate; + this.allowIDPInitiatedLogin = allowIDPInitiatedLogin; } public JsonObject toJson() { @@ -51,6 +53,7 @@ public JsonObject toJson() { if (this.idpSigningCertificate != null) { res.addProperty("idpSigningCertificate", this.idpSigningCertificate); } + res.addProperty("allowIDPInitiatedLogin", this.allowIDPInitiatedLogin); return res; } From b1e39dfa1f5575de795456cea2ab129fbd08a3c3 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Fri, 26 Sep 2025 13:13:46 +0530 Subject: [PATCH 06/16] fix: remove saml client --- .../java/io/supertokens/pluginInterface/saml/SAMLStorage.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java index d46ffb91..c2b75ce2 100644 --- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java @@ -26,7 +26,7 @@ public interface SAMLStorage extends NonAuthRecipeStorage { public SAMLClient createOrUpdateSAMLClient(TenantIdentifier tenantIdentifier, SAMLClient samlClient) throws StorageQueryException; - public void removeSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException; + public boolean removeSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException; public SAMLClient getSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException; public List getSAMLClients(TenantIdentifier tenantIdentifier) throws StorageQueryException; From b6708fee3bbe03e1485827f0ae9b5f5b7bf019b7 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Tue, 30 Sep 2025 13:16:34 +0530 Subject: [PATCH 07/16] fix: idp flow --- .../java/io/supertokens/pluginInterface/saml/SAMLStorage.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java index c2b75ce2..63c6c6e1 100644 --- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java @@ -20,6 +20,7 @@ import java.util.List; import com.google.gson.JsonObject; + import io.supertokens.pluginInterface.exceptions.StorageQueryException; import io.supertokens.pluginInterface.multitenancy.TenantIdentifier; import io.supertokens.pluginInterface.nonAuthRecipe.NonAuthRecipeStorage; 
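Review bot: `removeSAMLClient` now returns `boolean` but the hunk does not say what the value means, and the core will presumably branch on it to choose between a success and a not-found response; `/** @return true if a client with this clientId existed in the tenant and was deleted, false if there was nothing to delete */` — assuming that is the intent, which the implementation should confirm. The rest of the interface continues outside the hunk.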
@@ -28,6 +29,7 @@ public interface SAMLStorage extends NonAuthRecipeStorage {
 public SAMLClient createOrUpdateSAMLClient(TenantIdentifier tenantIdentifier, SAMLClient samlClient) throws StorageQueryException;
 public boolean removeSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException;
 public SAMLClient getSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException;
+ public SAMLClient getSAMLClientByIDPEntityId(TenantIdentifier tenantIdentifier, String idpEntityId) throws StorageQueryException;
 public List getSAMLClients(TenantIdentifier tenantIdentifier) throws StorageQueryException;
 
 public void saveRelayStateInfo(TenantIdentifier tenantIdentifier, SAMLRelayStateInfo relayStateInfo) throws StorageQueryException;
From c893ce6a5071b8b46687e2becdc165cc21dc763f Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Tue, 7 Oct 2025 15:29:20 +0530
Subject: [PATCH 08/16] fix: add client secret and metadata url
---
 .../supertokens/pluginInterface/saml/SAMLClient.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
index 99a59eeb..e2ca9df8 100644
--- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
+++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java
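Review bot: `getSAMLClientByIDPEntityId` is presumably the lookup the IdP-initiated flow uses to pick a client from an unsolicited response's issuer, so its contract when zero or more than one client in the tenant share an `idpEntityId` matters more than usual, and the hunk states neither case. PATCH 14 in this series makes the entity id unique via `DuplicateEntityIdException`, which settles the multiple-match case, but the no-match result (null or exception) is still undocumented: `@return the client whose idpEntityId matches within the tenant, or null if none` — adjust to what the implementation does.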
@@ -22,19 +22,23 @@ public class SAMLClient { public final String clientId; + public final String clientSecret; public final String ssoLoginURL; public final JsonArray redirectURIs; public final String defaultRedirectURI; + public final String metadataURL; public final String spEntityId; public final String idpEntityId; public final String idpSigningCertificate; public final boolean allowIDPInitiatedLogin; - public SAMLClient(String clientId, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String spEntityId, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin) { + public SAMLClient(String clientId, String clientSecret, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String metadataURL, String spEntityId, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin) { this.clientId = clientId; + this.clientSecret = clientSecret; this.ssoLoginURL = ssoLoginURL; this.redirectURIs = redirectURIs; this.defaultRedirectURI = defaultRedirectURI; + this.metadataURL = metadataURL; this.spEntityId = spEntityId; this.idpEntityId = idpEntityId; this.idpSigningCertificate = idpSigningCertificate; @@ -45,8 +49,14 @@ public JsonObject toJson() { JsonObject res = new JsonObject(); res.addProperty("clientId", this.clientId); + if (this.clientSecret != null) { + res.addProperty("clientSecret", this.clientSecret); + } res.addProperty("defaultRedirectURI", this.defaultRedirectURI); res.add("redirectURIs", redirectURIs); + if (this.metadataURL != null) { + res.addProperty("metadataURL", this.metadataURL); + } res.addProperty("spEntityId", spEntityId); res.addProperty("idpEntityId", this.idpEntityId); From 6f8e40034196c8b22f4f94d27e1c0baeb3a3eb58 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Tue, 7 Oct 2025 22:28:21 +0530 Subject: [PATCH 09/16] fix: cleanup query --- .../io/supertokens/pluginInterface/saml/SAMLStorage.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
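Review bot: In the second hunk, `toJson()` now emits `clientSecret` whenever it is non-null, so the secret leaves this object on every serialization — list and get responses, debug logging, anything that calls `toJson()` — not only the create response that needs to show it once. Unless every consumer is audited, a safer shape is to keep `toJson()` secret-free and add a `toJsonWithSecret()` (or a `boolean includeSecret` parameter) for the single call site that must return it. At minimum the method needs a warning: `/** Includes clientSecret when set; do not log or return this JSON outside the create-client response. */`. `metadataURL` is also a URL the core will presumably fetch server-side, so whoever validates it before storage should know it is persisted here as-is.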
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
index 63c6c6e1..5a255925 100644
--- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
+++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
@@ -35,6 +35,8 @@ public interface SAMLStorage extends NonAuthRecipeStorage {
 public void saveRelayStateInfo(TenantIdentifier tenantIdentifier, SAMLRelayStateInfo relayStateInfo) throws StorageQueryException;
 public SAMLRelayStateInfo getRelayStateInfo(TenantIdentifier tenantIdentifier, String relayState) throws StorageQueryException;
 
- public void saveSAMLClaims(TenantIdentifier tenantIdentifier, String clientId, String code, JsonObject claims);
- public SAMLClaimsInfo getSAMLClaimsAndRemoveCode(TenantIdentifier tenantIdentifier, String code);
+ public void saveSAMLClaims(TenantIdentifier tenantIdentifier, String clientId, String code, JsonObject claims) throws StorageQueryException;
+ public SAMLClaimsInfo getSAMLClaimsAndRemoveCode(TenantIdentifier tenantIdentifier, String code) throws StorageQueryException;
+
+ public void removeExpiredSAMLCodesAndRelayStates() throws StorageQueryException;
 }
From a32ec5e352562ee491fe80c4f23ae00f6384cfdd Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Mon, 13 Oct 2025 13:02:43 +0530
Subject: [PATCH 10/16] fix: version update
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index eeee1fe1..1cc7407e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ plugins {
 id 'java-library'
 }
 
-version = "8.1.0"
+version = "9.0.0"
 
 repositories {
 mavenCentral()
From fbe26fffe5d61fac901a20ba86e21b87cef8b9f2 Mon Sep 17 00:00:00 2001
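Review bot: `removeExpiredSAMLCodesAndRelayStates()` takes neither a tenant nor an expiry threshold, so each plugin has to decide on its own what counts as expired, and two database plugins can silently disagree. The interface should state where the TTL comes from — a constant owned by the core or a value the implementation owns — and that the sweep is meant to cover all tenants; a comment such as `// sweeps every tenant; expiry threshold: <TODO: state where it is defined>` on the method would at least make the open question visible. Since neither `SAMLRelayStateInfo` nor `SAMLClaimsInfo` carries a timestamp, the implementation must record creation time itself at save; that implied contract belongs on `saveRelayStateInfo` and `saveSAMLClaims`.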
From: Sattvik Chakravarthy Date: Thu, 16 Oct 2025 10:55:21 +0530 Subject: [PATCH 11/16] fix: enable request signing --- .../java/io/supertokens/pluginInterface/saml/SAMLClient.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java index e2ca9df8..c3d4838e 100644 --- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java @@ -31,8 +31,9 @@ public class SAMLClient { public final String idpEntityId; public final String idpSigningCertificate; public final boolean allowIDPInitiatedLogin; + public final boolean enableRequestSigning; - public SAMLClient(String clientId, String clientSecret, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String metadataURL, String spEntityId, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin) { + public SAMLClient(String clientId, String clientSecret, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String metadataURL, String spEntityId, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin, boolean enableRequestSigning) { this.clientId = clientId; this.clientSecret = clientSecret; this.ssoLoginURL = ssoLoginURL; @@ -43,6 +44,7 @@ public SAMLClient(String clientId, String clientSecret, String ssoLoginURL, Json this.idpEntityId = idpEntityId; this.idpSigningCertificate = idpSigningCertificate; this.allowIDPInitiatedLogin = allowIDPInitiatedLogin; + this.enableRequestSigning = enableRequestSigning; } public JsonObject toJson() { @@ -64,6 +66,7 @@ public JsonObject toJson() { res.addProperty("idpSigningCertificate", this.idpSigningCertificate); } res.addProperty("allowIDPInitiatedLogin", this.allowIDPInitiatedLogin); + res.addProperty("enableRequestSigning", this.enableRequestSigning); return res; } 
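Review bot: The constructor now takes eleven positional parameters, eight of them `String` followed by two `boolean`s, so a caller that swaps `allowIDPInitiatedLogin` and `enableRequestSigning` — or two of the adjacent strings — compiles and only misbehaves at runtime, and both flags change the security posture of the flow. A builder or a small set of named factory methods would make call sites self-describing; at minimum, Javadoc on the constructor listing the parameters in order and stating what each flag enables. The field list and constructor of `SAMLClient` begin outside the hunk.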
From fe8a78c9cbd7c08575e1b64ae37f3527be11ed80 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Thu, 16 Oct 2025 16:58:48 +0530 Subject: [PATCH 12/16] fix: add enable request signing --- .../io/supertokens/pluginInterface/saml/SAMLClient.java | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java index c3d4838e..446d62df 100644 --- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java @@ -26,20 +26,18 @@ public class SAMLClient { public final String ssoLoginURL; public final JsonArray redirectURIs; public final String defaultRedirectURI; - public final String metadataURL; public final String spEntityId; public final String idpEntityId; public final String idpSigningCertificate; public final boolean allowIDPInitiatedLogin; public final boolean enableRequestSigning; - public SAMLClient(String clientId, String clientSecret, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String metadataURL, String spEntityId, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin, boolean enableRequestSigning) { + public SAMLClient(String clientId, String clientSecret, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String spEntityId, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin, boolean enableRequestSigning) { this.clientId = clientId; this.clientSecret = clientSecret; this.ssoLoginURL = ssoLoginURL; this.redirectURIs = redirectURIs; this.defaultRedirectURI = defaultRedirectURI; - this.metadataURL = metadataURL; this.spEntityId = spEntityId; this.idpEntityId = idpEntityId; this.idpSigningCertificate = idpSigningCertificate; 
@@ -56,9 +54,6 @@ public JsonObject toJson() { } res.addProperty("defaultRedirectURI", this.defaultRedirectURI); res.add("redirectURIs", redirectURIs); - if (this.metadataURL != null) { - res.addProperty("metadataURL", this.metadataURL); - } res.addProperty("spEntityId", spEntityId); res.addProperty("idpEntityId", this.idpEntityId); From 4ec354f738ffde1e9a78856187c5fc48bed85a13 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Tue, 28 Oct 2025 16:43:19 +0530 Subject: [PATCH 13/16] fix: remove sp entity id from client --- .../io/supertokens/pluginInterface/saml/SAMLClient.java | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java index 446d62df..9180fd13 100644 --- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java +++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLClient.java 
@@ -26,19 +26,17 @@ public class SAMLClient { public final String ssoLoginURL; public final JsonArray redirectURIs; public final String defaultRedirectURI; - public final String spEntityId; public final String idpEntityId; public final String idpSigningCertificate; public final boolean allowIDPInitiatedLogin; public final boolean enableRequestSigning; - public SAMLClient(String clientId, String clientSecret, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String spEntityId, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin, boolean enableRequestSigning) { + public SAMLClient(String clientId, String clientSecret, String ssoLoginURL, JsonArray redirectURIs, String defaultRedirectURI, String idpEntityId, String idpSigningCertificate, boolean allowIDPInitiatedLogin, boolean enableRequestSigning) { this.clientId = clientId; this.clientSecret = clientSecret; this.ssoLoginURL = ssoLoginURL; this.redirectURIs = redirectURIs; this.defaultRedirectURI = defaultRedirectURI; - this.spEntityId = spEntityId; this.idpEntityId = idpEntityId; this.idpSigningCertificate = idpSigningCertificate; this.allowIDPInitiatedLogin = allowIDPInitiatedLogin; @@ -54,8 +52,6 @@ public JsonObject toJson() { } res.addProperty("defaultRedirectURI", this.defaultRedirectURI); res.add("redirectURIs", redirectURIs); - - res.addProperty("spEntityId", spEntityId); res.addProperty("idpEntityId", this.idpEntityId); if (this.idpSigningCertificate != null) { res.addProperty("idpSigningCertificate", this.idpSigningCertificate); From a337affd0923eb8491c765d53b8c586ca0a35bda Mon Sep 17 00:00:00 2001 
From: Sattvik Chakravarthy
Date: Wed, 29 Oct 2025 12:44:00 +0530
Subject: [PATCH 14/16] fix: unique idp entity id
---
 .../java/io/supertokens/pluginInterface/saml/SAMLStorage.java | 3 ++-
 .../saml/exception/DuplicateEntityIdException.java | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/io/supertokens/pluginInterface/saml/exception/DuplicateEntityIdException.java
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
index 5a255925..1bfa69ce 100644
--- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
+++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
@@ -24,9 +24,10 @@
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 import io.supertokens.pluginInterface.nonAuthRecipe.NonAuthRecipeStorage;
+import io.supertokens.pluginInterface.saml.exception.DuplicateEntityIdException;
 
 public interface SAMLStorage extends NonAuthRecipeStorage {
- public SAMLClient createOrUpdateSAMLClient(TenantIdentifier tenantIdentifier, SAMLClient samlClient) throws StorageQueryException;
+ public SAMLClient createOrUpdateSAMLClient(TenantIdentifier tenantIdentifier, SAMLClient samlClient) throws StorageQueryException, DuplicateEntityIdException;
 public boolean removeSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException;
 public SAMLClient getSAMLClient(TenantIdentifier tenantIdentifier, String clientId) throws StorageQueryException;
 public SAMLClient getSAMLClientByIDPEntityId(TenantIdentifier tenantIdentifier, String idpEntityId) throws StorageQueryException;
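Review bot: `createOrUpdateSAMLClient` now declares `DuplicateEntityIdException` but nothing states the scope of the uniqueness check or how the update path is handled; an implementation that checks `idpEntityId` without excluding the client's own `clientId` will reject every update of an existing client, and since `getSAMLClientByIDPEntityId` is per-tenant the check should presumably be per-tenant as well. Suggested Javadoc: `@throws DuplicateEntityIdException if a different client in this tenant already uses samlClient.idpEntityId` — confirm the intended scope against the core. The interface's remaining methods continue outside the hunk.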
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/exception/DuplicateEntityIdException.java b/src/main/java/io/supertokens/pluginInterface/saml/exception/DuplicateEntityIdException.java
new file mode 100644
index 00000000..ec1843c0
--- /dev/null
+++ b/src/main/java/io/supertokens/pluginInterface/saml/exception/DuplicateEntityIdException.java
@@ -0,0 +1,4 @@
+package io.supertokens.pluginInterface.saml.exception;
+
+public class DuplicateEntityIdException extends Exception {
+}
From b5b99252efac96e1c7046f99b443e7f71a83cc64 Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Wed, 29 Oct 2025 21:44:10 +0530
Subject: [PATCH 15/16] fix: changelog
---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 931d87df..c1c36a1f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [8.3.0]
+
+- Adds SAML support
+
 ## [8.2.0]
 
 - Adds OpenTelemetry javaagent support
From 9e50c83d871fcc57c621c14177d892c5bf1c4d18 Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Wed, 29 Oct 2025 22:07:26 +0530
Subject: [PATCH 16/16] fix: SAML client count
---
 .../java/io/supertokens/pluginInterface/saml/SAMLStorage.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
index 1bfa69ce..eef6d5a6 100644
--- a/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
+++ b/src/main/java/io/supertokens/pluginInterface/saml/SAMLStorage.java
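Review bot: `DuplicateEntityIdException` carries no message and no constructor, so the error reaching the API layer cannot say which entity id collided, and the file also lacks the license header every other new file in this series has. A constructor such as `public DuplicateEntityIdException(String idpEntityId) { super("idpEntityId already in use: " + idpEntityId); }` costs two lines and keeps only a non-secret value in the message. Separately, the CHANGELOG hunk on this line records the SAML work under `[8.3.0]` while PATCH 10 bumped `build.gradle` to `9.0.0`; one of the two looks stale.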
@@ -40,4 +40,5 @@ public interface SAMLStorage extends NonAuthRecipeStorage {
 public SAMLClaimsInfo getSAMLClaimsAndRemoveCode(TenantIdentifier tenantIdentifier, String code) throws StorageQueryException;
 
 public void removeExpiredSAMLCodesAndRelayStates() throws StorageQueryException;
+ public int countSAMLClients(TenantIdentifier tenantIdentifier) throws StorageQueryException;
 }