providers/ssoready-saml

Built-in SSOReady SAML integration.

SSOReadySAMLProfile

Extends

• Record<string, any>

Properties

email

email: string;

id

id: string;

organizationExternalId

organizationExternalId: string;

organizationId

organizationId: string;

default()

default<P>(options): OAuthConfig<P>

Add SSOReady SAML login to your page.

Setup

Callback URL

https://example.com/api/auth/callback/ssoready-saml

Configuration

import { Auth } from "@auth/core"
import SSOReadySAML from "@auth/core/providers/ssoready-saml"
 
const request = new Request(origin)
const response = await Auth(request, {
  providers: [
    SSOReadySAML({
      clientId: SSOREADY_SAML_CLIENT_ID,
      clientSecret: SSOREADY_SAML_CLIENT_SECRET,
    }),
  ],
})

Resources

• SSOReady SSO OAuth documentation

Notes

By default, Auth.js assumes that the SSOReady SAML provider is based on the OAuth 2 specification.

SAML is not a single identity provider but rather a decentralized family of identity providers which all implement the SAML protocol. You can’t just “log in via SAML”. You always log in to a particular instance of SAML.

To specify which instance of SAML to use, you provide to the SSOReadySAML provider an organizationExternalId. How you determine the appropriate organizationExternalId to provide is covered in the SSOReady docs.

If your product’s notion of an organization maps one-to-one with a company’s domain, then you might implement SAML sign-ons like so:

const [email, setEmail] = useState("")
 
// ...
 
<input
  type="email"
  value={email}
  placeholder="Email"
  onChange={(event) => setEmail(event.target.value)}
/>
<button
  onClick={() =>
    signIn("ssoready-saml", undefined, {
      organizationExternalId: email.split("@")[1],
    })
  }
>
  Sign in with SSO
</button>

The setup above presumes that you configure your organizations in SSOReady to have domains (e.g. “example.com”) as their external IDs.

Type parameters

Parameters

Returns

OAuthConfig<P>