Back to Node Auth0

Interface EventStreamCloudEventConnectionCreatedObject2Options

docs/interfaces/management.Management.EventStreamCloudEventConnectionCreatedObject2Options.html

6.0.013.8 KB
Original Source

Interface EventStreamCloudEventConnectionCreatedObject2Options

Options for the 'samlp' connection

interface EventStreamCloudEventConnectionCreatedObject2Options {
assertion_decryption_settings?: EventStreamCloudEventConnectionCreatedObject2OptionsAssertionDecryptionSettings;
cert?: string;
cert_rollover_notification?: string;
digestAlgorithm?: Management.EventStreamCloudEventConnectionCreatedObject2OptionsDigestAlgorithmEnum;
domain_aliases?: string[];
entityId?: string;
expires?: string;
icon_url?: string;
idpinitiated?: EventStreamCloudEventConnectionCreatedObject2OptionsIdpinitiated;
non_persistent_attrs?: string[];
protocolBinding?: Management.EventStreamCloudEventConnectionCreatedObject2OptionsProtocolBindingEnum;
set_user_root_attributes?: Management.EventStreamCloudEventConnectionCreatedObject2OptionsSetUserRootAttributesEnum;
signatureAlgorithm?: Management.EventStreamCloudEventConnectionCreatedObject2OptionsSignatureAlgorithmEnum;
signInEndpoint?: string;
signingCert?: string;
signSAMLRequest?: boolean;
subject?: EventStreamCloudEventConnectionCreatedObject2OptionsSubject;
tenant_domain?: string;
thumbprints?: string[];
upstream_params?: EventStreamCloudEventConnectionCreatedObject2OptionsUpstreamParams;
debug?: boolean;
deflate?: boolean;
destinationUrl?: string;
disableSignout?: boolean;
fieldsMap?: EventStreamCloudEventConnectionCreatedObject2OptionsFieldsMap;
global_token_revocation_jwt_iss?: string;
global_token_revocation_jwt_sub?: string;
metadataUrl?: string;
recipientUrl?: string;
requestTemplate?: string;
signOutEndpoint?: string;
user_id_attribute?: string;
}

Index

Properties

assertion_decryption_settings?cert?cert_rollover_notification?digestAlgorithm?domain_aliases?entityId?expires?icon_url?idpinitiated?non_persistent_attrs?protocolBinding?set_user_root_attributes?signatureAlgorithm?signInEndpoint?signingCert?signSAMLRequest?subject?tenant_domain?thumbprints?upstream_params?debug?deflate?destinationUrl?disableSignout?fieldsMap?global_token_revocation_jwt_iss?global_token_revocation_jwt_sub?metadataUrl?recipientUrl?requestTemplate?signOutEndpoint?user_id_attribute?

Properties

Optionalassertion_decryption_settings

assertion_decryption_settings?: EventStreamCloudEventConnectionCreatedObject2OptionsAssertionDecryptionSettings

Optionalcert

cert?: string

X.509 signing certificate from the identity provider in .der format. Used to validate signatures in SAML Responses and Assertions. This is an alternative to signingCert and is kept for backward compatibility. Prefer using signingCert instead.

Optionalcert_rollover_notification

cert_rollover_notification?: string

Timestamp of the last certificate expiring soon notification.

OptionaldigestAlgorithm

digestAlgorithm?: Management.EventStreamCloudEventConnectionCreatedObject2OptionsDigestAlgorithmEnum

Optionaldomain_aliases

domain_aliases?: string[]

Domain aliases for the connection

OptionalentityId

entityId?: string

The entity identifier (Issuer) for the SAML Service Provider. When not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This value is included in SAML AuthnRequest messages sent to the identity provider.

Optionalexpires

expires?: string

ISO 8601 formatted datetime indicating when the identity provider's signing certificate expires.

Optionalicon_url

icon_url?: string

URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows.

Optionalidpinitiated

idpinitiated?: EventStreamCloudEventConnectionCreatedObject2OptionsIdpinitiated

Optionalnon_persistent_attrs

non_persistent_attrs?: string[]

An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist)

OptionalprotocolBinding

protocolBinding?: Management.EventStreamCloudEventConnectionCreatedObject2OptionsProtocolBindingEnum

Optionalset_user_root_attributes

set_user_root_attributes?: Management.EventStreamCloudEventConnectionCreatedObject2OptionsSetUserRootAttributesEnum

OptionalsignatureAlgorithm

signatureAlgorithm?: Management.EventStreamCloudEventConnectionCreatedObject2OptionsSignatureAlgorithmEnum

OptionalsignInEndpoint

signInEndpoint?: string

Identity provider's SAML SingleSignOnService endpoint URL where Auth0 sends SAML authentication requests. This is the primary login URL for the SAML connection. Required unless using metadataUrl or metadataXml.

OptionalsigningCert

signingCert?: string

Base64-encoded X.509 certificate from the identity provider used to validate signatures in SAML responses and assertions. The certificate is decoded and used for cryptographic signature verification.

OptionalsignSAMLRequest

signSAMLRequest?: boolean

When true, Auth0 signs SAML authentication requests using the connection's signing key. The signature includes the request's digest and is validated by the identity provider. Defaults to false (unsigned requests).

Optionalsubject

subject?: EventStreamCloudEventConnectionCreatedObject2OptionsSubject

Optionaltenant_domain

tenant_domain?: string

For SAML connections, the tenant domain used to construct the login endpoint URL. Can be a string for single-tenant or an array of strings for multi-tenant validation.

Optionalthumbprints

thumbprints?: string[]

SHA-1 thumbprints (fingerprints) of the identity provider's signing certificates. Automatically computed from signingCert during connection creation. Each thumbprint must be a 40-character hexadecimal string.

Optionalupstream_params

upstream_params?: EventStreamCloudEventConnectionCreatedObject2OptionsUpstreamParams

Optionaldebug

debug?: boolean

When true, enables detailed SAML debugging by issuing 'w' (warning) events in tenant logs containing SAML request/response details. WARNING: Potentially exposes sensitive user information (PII, credentials) and should only be enabled temporarily for debugging purposes.

Optionaldeflate

deflate?: boolean

When true, enables DEFLATE compression for SAML requests sent via HTTP-Redirect binding.

OptionaldestinationUrl

destinationUrl?: string

The URL where Auth0 will send SAML authentication requests (the Identity Provider's SSO URL). Must be a valid HTTPS URL.

OptionaldisableSignout

disableSignout?: boolean

When true, disables sending SAML logout requests (SingleLogoutService) to the identity provider during user sign-out. The user will be logged out of Auth0 but will remain logged into the identity provider. Defaults to false (federated logout enabled).

OptionalfieldsMap

fieldsMap?: EventStreamCloudEventConnectionCreatedObject2OptionsFieldsMap

Optionalglobal_token_revocation_jwt_iss

global_token_revocation_jwt_iss?: string

Expected 'iss' (Issuer) claim value for JWT tokens in Global Token Revocation requests from the identity provider. When configured, Auth0 validates the JWT issuer matches this value before processing token revocation. Must be used together with global_token_revocation_jwt_sub.

Optionalglobal_token_revocation_jwt_sub

global_token_revocation_jwt_sub?: string

Expected 'sub' (Subject) claim value for JWT tokens in Global Token Revocation requests from the identity provider. When configured, Auth0 validates the JWT subject matches this value before processing token revocation. Must be used together with global_token_revocation_jwt_iss.

OptionalmetadataUrl

metadataUrl?: string

HTTPS URL to the identity provider's SAML metadata document. When provided, Auth0 automatically fetches and parses the metadata to extract signInEndpoint, signOutEndpoint, signingCert, signSAMLRequest, and protocolBinding. Use metadataUrl OR metadataXml, not both.

OptionalrecipientUrl

recipientUrl?: string

The URL where Auth0 will send SAML authentication requests (the Identity Provider's SSO URL). Must be a valid HTTPS URL.

OptionalrequestTemplate

requestTemplate?: string

Custom XML template for SAML authentication requests. Supports variable substitution using @@variableName@@ syntax. When not provided, uses default SAML AuthnRequest template. See https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider#customize-the-request-template

OptionalsignOutEndpoint

signOutEndpoint?: string

Identity provider's SAML SingleLogoutService endpoint URL where Auth0 sends logout requests for federated sign-out. When not provided, defaults to signInEndpoint. Only used if disableSignout is false.

Optionaluser_id_attribute

user_id_attribute?: string

Custom SAML assertion attribute to use as the unique user identifier. When provided, this attribute is prepended to the default user_id mapping list with highest priority. Accepts a string (single SAML attribute name).

Settings

Member Visibility

  • Protected
  • Inherited

ThemeOSLightDark

On This Page

Properties assertion_decryption_settingscertcert_rollover_notificationdigestAlgorithmdomain_aliasesentityIdexpiresicon_urlidpinitiatednon_persistent_attrsprotocolBindingset_user_root_attributessignatureAlgorithmsignInEndpointsigningCertsignSAMLRequestsubjecttenant_domainthumbprintsupstream_paramsdebugdeflatedestinationUrldisableSignoutfieldsMapglobal_token_revocation_jwt_issglobal_token_revocation_jwt_submetadataUrlrecipientUrlrequestTemplatesignOutEndpointuser_id_attribute