oauth_saml_bearer_grant.rdoc

doc/oauth_saml_bearer_grant.rdoc
Last Update: 2025-05-10 23:54:05 +0000

Documentation for OAuth SAML Bearer Grant feature

The oauth_saml_bearer_grant feature implements the OAuth 2.0 SAML Profile for Client Authentication and Authorization Grants.

datatracker.ietf.org/doc/html/rfc7522

This feature depends on the oauth_assertion_base feature.

Auth Value Methods

oauth_saml_name_identifier_format

SAML Identity Provider name ID format.

oauth_saml_idp_cert_check_expiration

Enables SAML assertion idp cert expiration check (true by default).

oauth_saml_assertion_not_base64_message

error description when the SAML assertion isn’t base64 encoded.

oauth_saml_assertion_single_issuer_message

error description when the SAML assertion contains multiple issuers (or none).

oauth_saml_settings_not_found_message

error description when no SAML settings were found for the given issuer.

oauth_saml_settings_table

the db table where SAML settings are stored, :oauth_saml_settings by default.

oauth_saml_settings_id_column

the db column where the SAML settings primary key is stored, :id by default.

oauth_saml_settings_oauth_application_id_column

the db column where the SAML settings oauth application id is stored, :oauth_application_id by default.

oauth_saml_settings_audience_column

the db column where the SAML settings audience is stored, :audience by default.

oauth_saml_settings_idp_cert_column

the db column where the SAML settings idp certificate is stored, :idp_cert by default.

oauth_saml_settings_idp_cert_fingerprint_algorithm_column

the db column where the SAML settings idp certificate fingerprint algorithm is stored, :idp_cert_fingerprint_algorithm by default.

oauth_saml_settings_idp_cert_fingerprint_column

the db column where the SAML settings idp certificate fingerprint is stored, :idp_cert_fingerprint by default.

oauth_saml_settings_idp_cert_check_expiration_column

the db column where the SAML setting to check idp certificate expiration is stored, :check_idp_cert_expiration by default.

oauth_saml_settings_issuer_column

the db column where the SAML settings issuer is stored, :issuer by default.

oauth_saml_settings_name_identifier_format_column

the db column where the SAML settings name identifier format is stored, :name_identifier_format by default.

oauth_saml_bearer_grant documented methods that don’t exist: oauth_saml_cert, oauth_saml_cert_fingerprint, oauth_saml_cert_fingerprint_algorithm, oauth_saml_security_authn_requests_signed, oauth_saml_security_digest_method, oauth_saml_security_metadata_signed, oauth_saml_security_signature_method

Auth methods

require_oauth_application_from_saml2_bearer_assertion_issuer

loads the oauth application from the SAML assertion issuer (client authorization).

require_oauth_application_from_saml2_bearer_assertion_subject

loads the oauth application from the SAML assertion subject (client authentication).

account_from_saml2_bearer_assertion

loads the user account from the SAML assertion.