Create or Update SAML Client

curl -X PUT https://your-domain.com/recipe/saml/clients \
  -H "Content-Type: application/json" \
  -d '{
    "clientId": "my-saml-client",
    "clientSecret": "optional-secret",
    "defaultRedirectURI": "https://myapp.com/auth/callback",
    "redirectURIs": [
      "https://myapp.com/auth/callback",
      "https://myapp.com/admin/callback"
    ],
    "metadataXML": "base64-encoded-idp-metadata",
    "allowIDPInitiatedLogin": false,
    "enableRequestSigning": true
  }'

{
  "status": "OK",
  "clientId": "my-saml-client",
  "clientSecret": "optional-secret",
  "defaultRedirectURI": "https://myapp.com/auth/callback",
  "redirectURIs": [
    "https://myapp.com/auth/callback",
    "https://myapp.com/admin/callback"
  ],
  "idpEntityId": "https://idp.example.com",
  "idpSsoUrl": "https://idp.example.com/sso",
  "idpCertificate": "-----BEGIN CERTIFICATE-----...",
  "allowIDPInitiatedLogin": false,
  "enableRequestSigning": true,
  "createdAt": 1234567890000,
  "updatedAt": 1234567890000
}

Request body:
clientId (string): Unique identifier for this SAML client. If not provided, one will be auto-generated with prefix “st_saml_”.
clientSecret (string): Optional client secret for additional security.
defaultRedirectURI (string, required): Default redirect URI after successful authentication.
redirectURIs (array, required): Array of allowed redirect URIs (must include defaultRedirectURI).
metadataXML (string, required): Base64-encoded SAML IdP metadata XML document.
allowIDPInitiatedLogin (boolean): Whether to allow IdP-initiated login flows (default: false).
enableRequestSigning (boolean): Whether to sign SAML authentication requests (default: true).

Response:
status (string): “OK” or “DUPLICATE_IDP_ENTITY_ERROR”.
clientId (string): The client identifier.
idpEntityId (string): Entity ID extracted from IdP metadata.
idpSsoUrl (string): SSO URL extracted from IdP metadata.
idpCertificate (string): X.509 certificate extracted from IdP metadata.
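
Because the response reports the entity ID, SSO URL and certificate the server extracted from the uploaded metadata, an operator can inspect the metadata locally, build the request body with the documented constraints enforced, and confirm the stored trust anchor matches. This is an added example, not code from the original documentation: the function names and sample metadata are constructed, and the PEM layout of idpCertificate is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample IdP metadata; the certificate body is a placeholder, not a real cert.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>TUlJQ3BsYWNlaG9sZGVy</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def inspect_metadata(xml_text):
    """Extract the IdP values the API response should echo back."""
    root = ET.fromstring(xml_text)  # assumes metadata arrived over a trusted admin channel
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find("md:IDPSSODescriptor/md:KeyDescriptor//ds:X509Certificate", NS)
    if root.get("entityID") is None or sso is None or cert is None:
        raise ValueError("metadata lacks entityID, SSO endpoint or certificate")
    return {"idpEntityId": root.get("entityID"), "idpSsoUrl": sso.get("Location"),
            "certBody": "".join(cert.text.split())}

def build_client_request(xml_text, default_uri, redirect_uris):
    """Build the PUT /recipe/saml/clients body, enforcing the documented constraint."""
    if default_uri not in redirect_uris:
        raise ValueError("redirectURIs must include defaultRedirectURI")
    return {"defaultRedirectURI": default_uri, "redirectURIs": list(redirect_uris),
            "metadataXML": base64.b64encode(xml_text.encode("utf-8")).decode("ascii"),
            "allowIDPInitiatedLogin": False,  # documented default, pinned explicitly
            "enableRequestSigning": True}     # documented default, pinned explicitly

def response_matches(response, expected):
    """True only when the stored IdP entity, SSO URL and certificate match."""
    if response.get("status") != "OK":  # e.g. DUPLICATE_IDP_ENTITY_ERROR
        return False
    # Assumption: idpCertificate is PEM with header/footer on their own lines.
    lines = response.get("idpCertificate", "").splitlines()
    pem_body = "".join(l.strip() for l in lines if "-----" not in l)
    return (response.get("idpEntityId") == expected["idpEntityId"]
            and response.get("idpSsoUrl") == expected["idpSsoUrl"]
            and pem_body == expected["certBody"])
```

Serialize the dictionary from `build_client_request` with `json.dumps` as the PUT body, then pass the parsed JSON response and the result of `inspect_metadata` to `response_matches`.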

List SAML Clients

curl -X GET https://your-domain.com/recipe/saml/clients/list \
  -H "Content-Type: application/json"

{
  "status": "OK",
  "clients": [
    {
      "clientId": "my-saml-client",
      "clientSecret": "optional-secret",
      "defaultRedirectURI": "https://myapp.com/auth/callback",
      "redirectURIs": [
        "https://myapp.com/auth/callback"
      ],
      "idpEntityId": "https://idp.example.com",
      "idpSsoUrl": "https://idp.example.com/sso",
      "idpCertificate": "-----BEGIN CERTIFICATE-----...",
      "allowIDPInitiatedLogin": false,
      "enableRequestSigning": true,
      "createdAt": 1234567890000,
      "updatedAt": 1234567890000
    }
  ]
}

Response:
status (string): “OK”.
clients (array): Array of SAML client configurations.

Remove SAML Client

curl -X POST https://your-domain.com/recipe/saml/clients/remove \
  -H "Content-Type: application/json" \
  -d '{
    "clientId": "my-saml-client"
  }'

{
  "status": "OK",
  "didExist": true
}

Request body:
clientId (string, required): The client ID to remove.

Response:
status (string): “OK”.
didExist (boolean): Whether the client existed before removal.