Stay organized with collections
Save and categorize content based on your preferences.
The [SAML](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) Auth provider configuration interface. A SAML provider can be created via BaseAuth.createProviderConfig().
This is fixed and must always be the same as the OAuth redirect URL provisioned by Firebase Auth, https://project-id.firebaseapp.com/__/auth/handler unless a custom authDomain is used. The callback URL should also be provided to the SAML IdP during configuration.
The list of SAML IdP X.509 certificates issued by CA for this provider. Multiple certificates are accepted to prevent outages during IdP key rotation (for example ADFS rotates every 10 days). When the Auth server receives a SAML response, it will match the SAML response with the certificate on record. Otherwise the response is rejected. Developers are expected to manage the certificate updates as keys are rotated.
SAMLAuthProviderConfig.callbackURL
This is fixed and must always be the same as the OAuth redirect URL provisioned by Firebase Auth, https://project-id.firebaseapp.com/__/auth/handler unless a custom authDomain is used. The callback URL should also be provided to the SAML IdP during configuration.
Signature:
callbackURL?:string;
SAMLAuthProviderConfig.idpEntityId
The SAML IdP entity identifier.
Signature:
idpEntityId:string;
SAMLAuthProviderConfig.rpEntityId
The SAML relying party (service provider) entity ID. This is defined by the developer but needs to be provided to the SAML IdP.
Signature:
rpEntityId:string;
SAMLAuthProviderConfig.ssoURL
The SAML IdP SSO URL. This must be a valid URL.
Signature:
ssoURL:string;
SAMLAuthProviderConfig.x509Certificates
The list of SAML IdP X.509 certificates issued by CA for this provider. Multiple certificates are accepted to prevent outages during IdP key rotation (for example ADFS rotates every 10 days). When the Auth server receives a SAML response, it will match the SAML response with the certificate on record. Otherwise the response is rejected. Developers are expected to manage the certificate updates as keys are rotated.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2022-07-29 UTC."],[],[],null,["The \\[SAML\\](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) Auth provider configuration interface. A SAML provider can be created via [BaseAuth.createProviderConfig()](./firebase-admin.auth.baseauth.md#baseauthcreateproviderconfig).\n\n**Signature:** \n\n export interface SAMLAuthProviderConfig extends BaseAuthProviderConfig \n\n**Extends:** [BaseAuthProviderConfig](./firebase-admin.auth.baseauthproviderconfig.md#baseauthproviderconfig_interface)\n\nProperties\n\nSAMLAuthProviderConfig.callbackURL\n\nThis is fixed and must always be the same as the OAuth redirect URL provisioned by Firebase Auth, `https://project-id.firebaseapp.com/__/auth/handler` unless a custom `authDomain` is used. The callback URL should also be provided to the SAML IdP during configuration.\n\n**Signature:** \n\n callbackURL?: string;\n\nSAMLAuthProviderConfig.idpEntityId\n\nThe SAML IdP entity identifier.\n\n**Signature:** \n\n idpEntityId: string;\n\nSAMLAuthProviderConfig.rpEntityId\n\nThe SAML relying party (service provider) entity ID. This is defined by the developer but needs to be provided to the SAML IdP.\n\n**Signature:** \n\n rpEntityId: string;\n\nSAMLAuthProviderConfig.ssoURL\n\nThe SAML IdP SSO URL. This must be a valid URL.\n\n**Signature:** \n\n ssoURL: string;\n\nSAMLAuthProviderConfig.x509Certificates\n\nThe list of SAML IdP X.509 certificates issued by CA for this provider. Multiple certificates are accepted to prevent outages during IdP key rotation (for example ADFS rotates every 10 days). When the Auth server receives a SAML response, it will match the SAML response with the certificate on record. Otherwise the response is rejected. Developers are expected to manage the certificate updates as keys are rotated.\n\n**Signature:** \n\n x509Certificates: string[];"]]
