docs/interfaces/management.Management.EventStreamCloudEventConnectionDeletedObject2Options.html
Options for the 'samlp' connection
interface EventStreamCloudEventConnectionDeletedObject2Options {
assertion_decryption_settings?: EventStreamCloudEventConnectionDeletedObject2OptionsAssertionDecryptionSettings;
cert?: string;
cert_rollover_notification?: string;
digestAlgorithm?: Management.EventStreamCloudEventConnectionDeletedObject2OptionsDigestAlgorithmEnum;
domain_aliases?: string[];
entityId?: string;
expires?: string;
icon_url?: string;
idpinitiated?: EventStreamCloudEventConnectionDeletedObject2OptionsIdpinitiated;
non_persistent_attrs?: string[];
protocolBinding?: Management.EventStreamCloudEventConnectionDeletedObject2OptionsProtocolBindingEnum;
set_user_root_attributes?: Management.EventStreamCloudEventConnectionDeletedObject2OptionsSetUserRootAttributesEnum;
signatureAlgorithm?: Management.EventStreamCloudEventConnectionDeletedObject2OptionsSignatureAlgorithmEnum;
signInEndpoint?: string;
signingCert?: string;
signSAMLRequest?: boolean;
subject?: EventStreamCloudEventConnectionDeletedObject2OptionsSubject;
tenant_domain?: string;
thumbprints?: string[];
upstream_params?: EventStreamCloudEventConnectionDeletedObject2OptionsUpstreamParams;
debug?: boolean;
deflate?: boolean;
destinationUrl?: string;
disableSignout?: boolean;
fieldsMap?: EventStreamCloudEventConnectionDeletedObject2OptionsFieldsMap;
global_token_revocation_jwt_iss?: string;
global_token_revocation_jwt_sub?: string;
metadataUrl?: string;
recipientUrl?: string;
requestTemplate?: string;
signOutEndpoint?: string;
user_id_attribute?: string;
}
assertion_decryption_settings?cert?cert_rollover_notification?digestAlgorithm?domain_aliases?entityId?expires?icon_url?idpinitiated?non_persistent_attrs?protocolBinding?set_user_root_attributes?signatureAlgorithm?signInEndpoint?signingCert?signSAMLRequest?subject?tenant_domain?thumbprints?upstream_params?debug?deflate?destinationUrl?disableSignout?fieldsMap?global_token_revocation_jwt_iss?global_token_revocation_jwt_sub?metadataUrl?recipientUrl?requestTemplate?signOutEndpoint?user_id_attribute?
Optionalassertion_decryption_settingsassertion_decryption_settings?: EventStreamCloudEventConnectionDeletedObject2OptionsAssertionDecryptionSettings
Optionalcertcert?: string
X.509 signing certificate from the identity provider in .der format. Used to validate signatures in SAML Responses and Assertions. This is an alternative to signingCert and is kept for backward compatibility. Prefer using signingCert instead.
Optionalcert_rollover_notificationcert_rollover_notification?: string
Timestamp of the last certificate expiring soon notification.
OptionaldigestAlgorithmdigestAlgorithm?: Management.EventStreamCloudEventConnectionDeletedObject2OptionsDigestAlgorithmEnum
Optionaldomain_aliasesdomain_aliases?: string[]
Domain aliases for the connection
OptionalentityIdentityId?: string
The entity identifier (Issuer) for the SAML Service Provider. When not provided, defaults to 'urn:auth0:{tenant}:{connection}'. This value is included in SAML AuthnRequest messages sent to the identity provider.
Optionalexpiresexpires?: string
ISO 8601 formatted datetime indicating when the identity provider's signing certificate expires.
Optionalicon_urlicon_url?: string
URL for the connection icon displayed in Auth0 login pages. Accepts HTTPS URLs. Used for visual branding in authentication flows.
Optionalidpinitiatedidpinitiated?: EventStreamCloudEventConnectionDeletedObject2OptionsIdpinitiated
Optionalnon_persistent_attrsnon_persistent_attrs?: string[]
An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist)
OptionalprotocolBindingprotocolBinding?: Management.EventStreamCloudEventConnectionDeletedObject2OptionsProtocolBindingEnum
Optionalset_user_root_attributesset_user_root_attributes?: Management.EventStreamCloudEventConnectionDeletedObject2OptionsSetUserRootAttributesEnum
OptionalsignatureAlgorithmsignatureAlgorithm?: Management.EventStreamCloudEventConnectionDeletedObject2OptionsSignatureAlgorithmEnum
OptionalsignInEndpointsignInEndpoint?: string
Identity provider's SAML SingleSignOnService endpoint URL where Auth0 sends SAML authentication requests. This is the primary login URL for the SAML connection. Required unless using metadataUrl or metadataXml.
OptionalsigningCertsigningCert?: string
Base64-encoded X.509 certificate from the identity provider used to validate signatures in SAML responses and assertions. The certificate is decoded and used for cryptographic signature verification.
OptionalsignSAMLRequestsignSAMLRequest?: boolean
When true, Auth0 signs SAML authentication requests using the connection's signing key. The signature includes the request's digest and is validated by the identity provider. Defaults to false (unsigned requests).
Optionalsubjectsubject?: EventStreamCloudEventConnectionDeletedObject2OptionsSubject
Optionaltenant_domaintenant_domain?: string
For SAML connections, the tenant domain used to construct the login endpoint URL. Can be a string for single-tenant or an array of strings for multi-tenant validation.
Optionalthumbprintsthumbprints?: string[]
SHA-1 thumbprints (fingerprints) of the identity provider's signing certificates. Automatically computed from signingCert during connection creation. Each thumbprint must be a 40-character hexadecimal string.
Optionalupstream_paramsupstream_params?: EventStreamCloudEventConnectionDeletedObject2OptionsUpstreamParams
Optionaldebugdebug?: boolean
When true, enables detailed SAML debugging by issuing 'w' (warning) events in tenant logs containing SAML request/response details. WARNING: Potentially exposes sensitive user information (PII, credentials) and should only be enabled temporarily for debugging purposes.
Optionaldeflatedeflate?: boolean
When true, enables DEFLATE compression for SAML requests sent via HTTP-Redirect binding.
OptionaldestinationUrldestinationUrl?: string
The URL where Auth0 will send SAML authentication requests (the Identity Provider's SSO URL). Must be a valid HTTPS URL.
OptionaldisableSignoutdisableSignout?: boolean
When true, disables sending SAML logout requests (SingleLogoutService) to the identity provider during user sign-out. The user will be logged out of Auth0 but will remain logged into the identity provider. Defaults to false (federated logout enabled).
OptionalfieldsMapfieldsMap?: EventStreamCloudEventConnectionDeletedObject2OptionsFieldsMap
Optionalglobal_token_revocation_jwt_issglobal_token_revocation_jwt_iss?: string
Expected 'iss' (Issuer) claim value for JWT tokens in Global Token Revocation requests from the identity provider. When configured, Auth0 validates the JWT issuer matches this value before processing token revocation. Must be used together with global_token_revocation_jwt_sub.
Optionalglobal_token_revocation_jwt_subglobal_token_revocation_jwt_sub?: string
Expected 'sub' (Subject) claim value for JWT tokens in Global Token Revocation requests from the identity provider. When configured, Auth0 validates the JWT subject matches this value before processing token revocation. Must be used together with global_token_revocation_jwt_iss.
OptionalmetadataUrlmetadataUrl?: string
HTTPS URL to the identity provider's SAML metadata document. When provided, Auth0 automatically fetches and parses the metadata to extract signInEndpoint, signOutEndpoint, signingCert, signSAMLRequest, and protocolBinding. Use metadataUrl OR metadataXml, not both.
OptionalrecipientUrlrecipientUrl?: string
The URL where Auth0 will send SAML authentication requests (the Identity Provider's SSO URL). Must be a valid HTTPS URL.
OptionalrequestTemplaterequestTemplate?: string
Custom XML template for SAML authentication requests. Supports variable substitution using @@variableName@@ syntax. When not provided, uses default SAML AuthnRequest template. See https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/configure-auth0-saml-service-provider#customize-the-request-template
OptionalsignOutEndpointsignOutEndpoint?: string
Identity provider's SAML SingleLogoutService endpoint URL where Auth0 sends logout requests for federated sign-out. When not provided, defaults to signInEndpoint. Only used if disableSignout is false.
Optionaluser_id_attributeuser_id_attribute?: string
Custom SAML assertion attribute to use as the unique user identifier. When provided, this attribute is prepended to the default user_id mapping list with highest priority. Accepts a string (single SAML attribute name).
Member Visibility
ThemeOSLightDark
Properties assertion_decryption_settingscertcert_rollover_notificationdigestAlgorithmdomain_aliasesentityIdexpiresicon_urlidpinitiatednon_persistent_attrsprotocolBindingset_user_root_attributessignatureAlgorithmsignInEndpointsigningCertsignSAMLRequestsubjecttenant_domainthumbprintsupstream_paramsdebugdeflatedestinationUrldisableSignoutfieldsMapglobal_token_revocation_jwt_issglobal_token_revocation_jwt_submetadataUrlrecipientUrlrequestTemplatesignOutEndpointuser_id_attribute