Configure SAML callback URL

jrosen-cc · March 14, 2024, 3:39pm

The Connect Your App to SAML Identity Providers docs say

Add an Allowed Callback URL of {https://yourApp/callback}

Is this configurable for SAML? Our application uses the auth0-nextjs library, which uses /api/auth/callback as the path.

rueben.tiow · March 14, 2024, 7:28pm

Hi @jrosen-cc,

The documentation provides a generalized example, like setting the callback URL to http://localhost:3000.

In this case, you can continue using your /api/auth/callback path as the callback URL of your app. For example: http://localhost:3000/api/auth/callback.

Then, you will want to configure your SAML connection on the Dashboard > Authentication > Enterprise > SAML.

Let me know how this goes for you.

Thanks,
Rueben

jrosen-cc · March 14, 2024, 8:16pm

The new-SAML-configuration form has the following fields:

Connection name
Sign In URL (placeholder: https://samlp.example.com/login)
X509 Signing Certificate
Enable Sign Out
Sign Out URL (placeholder: https://samlp.example.com/logout)
User ID Attribute (placeholder: http://schemas.xmlsoap.org/2005/05/identity/claims/nameidentifier)
Debug Mode
Sign Request
Sign Request Algorithm
Sign Request Algorithm Digest
Protocol Binding
Request Template

None of these suggest to me where I put http://localhost:3000/api/auth/callback

rueben.tiow · March 15, 2024, 4:45pm

Hi @jrosen-cc,

Thanks for the reply.

Yes, that’s correct. Those settings are for the SAML Enterprise connection.

To set the callback URL for your application, you will need to go to the Dashboard > Applications > Applications > Your Application > Allowed Callback URLs.

Don’t forget to save your changes at the bottom!

Cheers,
Rueben

jrosen-cc · March 15, 2024, 5:14pm

We already have several allowed callback URLs configured for the application:

https://production.example.com/api/auth/callback
https://*.staging.example.com/api/auth/callback
http://localhost:3000/api/auth/callback

What I’m unclear about is how the SAML connection knows which of those to use.

rueben.tiow · March 15, 2024, 7:00pm

Hi @jrosen-cc,

Great! Then you should be all set here.

When you authenticate on your application, your application will specify a redirect_uri in the request.

This redirect_uri value should match one of the allowed callback URLs. And that’s how your application knows to redirect to the callback URL after the authentication completes, regardless of your connection.

jrosen-cc · March 15, 2024, 10:54pm

When you authenticate on your application, your application will specify a redirect_uri in the request.

That’s the piece I was missing. The SAML document made it sound like that value was fixed for SAML integrations, rather than provided at runtime by the client application.

rueben.tiow · March 19, 2024, 12:09am

Hi @jrosen-cc,

Ah, yes, I agree that the documentation is slightly misleading with how was worded.

I’ll pass your feedback on to our docs team so they can revise that section.

If there is anything else you need help with, please feel free to reach out.

Cheers,
Rueben

system · April 2, 2024, 12:10am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.