Configure SAML callback URL

The Connect Your App to SAML Identity Providers docs say

Add an Allowed Callback URL of {https://yourApp/callback}

Is this configurable for SAML? Our application uses the auth0-nextjs library, which uses /api/auth/callback as the path.

Hi @jrosen-cc,

The documentation provides a generalized example, like setting the callback URL to http://localhost:3000.

In this case, you can continue using your /api/auth/callback path as the callback URL of your app. For example: http://localhost:3000/api/auth/callback.

Then, you will want to configure your SAML connection on the Dashboard > Authentication > Enterprise > SAML.

Let me know how this goes for you.

Thanks,
Rueben

The new-SAML-configuration form has the following fields:

  • Connection name
  • Sign In URL (placeholder: https://samlp.example.com/login)
  • X509 Signing Certificate
  • Enable Sign Out
  • Sign Out URL (placeholder: https://samlp.example.com/logout)
  • User ID Attribute (placeholder: http://schemas.xmlsoap.org/2005/05/identity/claims/nameidentifier)
  • Debug Mode
  • Sign Request
  • Sign Request Algorithm
  • Sign Request Algorithm Digest
  • Protocol Binding
  • Request Template

None of these suggest to me where I put http://localhost:3000/api/auth/callback

Hi @jrosen-cc,

Thanks for the reply.

Yes, that’s correct. Those settings are for the SAML Enterprise connection.

To set the callback URL for your application, you will need to go to the Dashboard > Applications > Applications > Your Application > Allowed Callback URLs.

Don’t forget to save your changes at the bottom!

Cheers,
Rueben

We already have several allowed callback URLs configured for the application:

https://production.example.com/api/auth/callback
https://*.staging.example.com/api/auth/callback
http://localhost:3000/api/auth/callback

What I’m unclear about is how the SAML connection knows which of those to use.

Hi @jrosen-cc,

Great! Then you should be all set here.

When you authenticate on your application, your application will specify a redirect_uri in the request.

This redirect_uri value should match one of the allowed callback URLs. And that’s how your application knows to redirect to the callback URL after the authentication completes, regardless of your connection.
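The matching described in the reply above, as an added example (not Auth0's code and not part of the original posts): a check of a requested redirect_uri against the three allowed callback URLs listed in the thread. It assumes `*` stands for exactly one hostname label and that scheme, port and path must match exactly; the function names are hypothetical.

```javascript
// Allowlist entries copied from the thread; everything else here is constructed.
const ALLOWED_CALLBACKS = [
  "https://production.example.com/api/auth/callback",
  "https://*.staging.example.com/api/auth/callback",
  "http://localhost:3000/api/auth/callback",
];

// Assumption: "*" matches exactly one hostname label, never a dot.
function hostMatches(pattern, host) {
  const p = pattern.split(".");
  const h = host.split(".");
  if (p.length !== h.length) return false;
  return p.every((label, i) =>
    label === "*" ? /^[a-z0-9-]+$/.test(h[i]) : label === h[i]
  );
}

// Allowlist entries may contain "*", so split them by hand instead of using URL.
function splitAllowed(entry) {
  const m = /^(https?):\/\/([^\/:]+)(?::(\d+))?(\/.*)?$/.exec(entry);
  if (!m) throw new Error(`bad allowlist entry: ${entry}`);
  return {
    protocol: m[1] + ":",
    host: m[2].toLowerCase(),
    port: m[3] || "",
    path: m[4] || "/",
  };
}

function isAllowedRedirect(redirectUri, allowed = ALLOWED_CALLBACKS) {
  let u;
  try {
    u = new URL(redirectUri); // normalizes case, default ports and "../" segments
  } catch {
    return false;
  }
  // Strict choice made for this example: no userinfo, query string or fragment.
  if (u.username || u.password || u.search || u.hash) return false;
  return allowed.some((entry) => {
    const a = splitAllowed(entry);
    return (
      a.protocol === u.protocol &&
      hostMatches(a.host, u.hostname) &&
      a.port === u.port &&
      a.path === u.pathname
    );
  });
}
```

Comparing parsed components rather than raw strings is what keeps lookalike values such as `https://production.example.com@evil.test/...` from passing a prefix or substring check.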

When you authenticate on your application, your application will specify a redirect_uri in the request.

That’s the piece I was missing. The SAML document made it sound like that value was fixed for SAML integrations, rather than provided at runtime by the client application.

Hi @jrosen-cc,

Ah, yes, I agree that the documentation is slightly misleading with how it was worded.

I’ll pass your feedback on to our docs team so they can revise that section.

If there is anything else you need help with, please feel free to reach out.

Cheers,
Rueben
