Connections created with the metadataUrl parameter do not allow updating Signed Requests setting

Problem statement

We are using this method (using the ‘metadataUrl’ parameter to create a SAML connection). However, once created, it is impossible to set “Signed Requests” = True; the toggle resets itself after pressing “save”.

Solution

The signSamlRequest attribute will be set based on the “WantAuthnRequestsSigned” attribute in the IdP’s metadata.

When a connection that was created using the IdP’s “metadataUrl” is updated through the dashboard or Management API, the metadata is pulled again and the signSamlRequest option is superseded by the value in the metadata.

If the IdP specifies WantAuthnRequestsSigned as false, it could be expected that it will reject signed requests, so this synchronisation is in place to better align the connection with the IdP’s declarations for ease of use.

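To see which value the connection will end up with, you can read WantAuthnRequestsSigned from the IdP metadata yourself. The following is an added example, not Auth0 code: it assumes the metadata document has already been fetched, uses a constructed sample with placeholder URLs, and treats a missing attribute as false, which is the default in the SAML 2.0 metadata schema.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata; entityID and Location are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _xs_boolean(value):
    """Parse an xs:boolean, which allows true/false and 1/0."""
    v = value.strip()
    if v in ("true", "1"):
        return True
    if v in ("false", "0"):
        return False
    raise ValueError(f"not an xs:boolean: {value!r}")


def want_authn_requests_signed(metadata_xml):
    """Return {entityID: bool} for each IdP described in the metadata.

    The bool is the value the page says signSamlRequest is synchronised to.
    """
    # SAML metadata has no use for DTDs; refusing them avoids entity tricks.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    result = {}
    # iter() also matches the root, so this handles a single
    # EntityDescriptor and an EntitiesDescriptor wrapping several.
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        idp = entity.find(f"{{{MD_NS}}}IDPSSODescriptor")
        if idp is None:
            continue  # SP-only entity, nothing to report
        raw = idp.get("WantAuthnRequestsSigned", "false")  # schema default
        result[entity.get("entityID")] = _xs_boolean(raw)
    return result


if __name__ == "__main__":
    print(want_authn_requests_signed(SAMPLE_METADATA))
```

If this reports false for your IdP, the toggle resetting after “save” is the synchronisation described above, and the change has to be made in the IdP’s published metadata.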