Appearance
cloudfire-auth / SAMLAuthProviderConfig
Interface: SAMLAuthProviderConfig
Defined in: types/firebase-admin/auth-config.ts:494
The SAML Auth provider configuration interface. A SAML provider can be created via CloudFireAuth.createProviderConfig.
Extends
BaseAuthProviderConfig
Properties
callbackURL?
optionalcallbackURL:string
Defined in: types/firebase-admin/auth-config.ts:526
This is fixed and must always be the same as the OAuth redirect URL provisioned by Firebase Auth, https://project-id.firebaseapp.com/__/auth/handler unless a custom authDomain is used. The callback URL should also be provided to the SAML IdP during configuration.
displayName?
optionaldisplayName:string
Defined in: types/firebase-admin/auth-config.ts:481
The user-friendly display name to the current configuration. This name is also used as the provider label in the Cloud Console.
Inherited from
BaseAuthProviderConfig.displayName
enabled
enabled:
boolean
Defined in: types/firebase-admin/auth-config.ts:486
Whether the provider configuration is enabled or disabled. A user cannot sign in using a disabled provider.
Inherited from
BaseAuthProviderConfig.enabled
idpEntityId
idpEntityId:
string
Defined in: types/firebase-admin/auth-config.ts:498
The SAML IdP entity identifier.
providerId
providerId:
string
Defined in: types/firebase-admin/auth-config.ts:476
The provider ID defined by the developer. For a SAML provider, this is always prefixed by saml.. For an OIDC provider, this is always prefixed by oidc..
Inherited from
BaseAuthProviderConfig.providerId
rpEntityId
rpEntityId:
string
Defined in: types/firebase-admin/auth-config.ts:517
The SAML relying party (service provider) entity ID. This is defined by the developer but needs to be provided to the SAML IdP.
ssoURL
ssoURL:
string
Defined in: types/firebase-admin/auth-config.ts:502
The SAML IdP SSO URL. This must be a valid URL.
x509Certificates
x509Certificates:
string[]
Defined in: types/firebase-admin/auth-config.ts:512
The list of SAML IdP X.509 certificates issued by CA for this provider. Multiple certificates are accepted to prevent outages during IdP key rotation (for example ADFS rotates every 10 days). When the Auth server receives a SAML response, it will match the SAML response with the certificate on record. Otherwise the response is rejected. Developers are expected to manage the certificate updates as keys are rotated.