From 6c31d230ccd06b80f0985f81be30898317cf5182 Mon Sep 17 00:00:00 2001
From: dorsha
Date: Fri, 12 Jun 2026 00:12:01 +0300
Subject: [PATCH] feat(sso): add entityId to configureSAMLByMetadata settings
Add the optional entityId field to SSOSAMLByMetadataSettings so callers can persist the IdP entity ID alongside a metadata URL. This lets IdP-initiated SAML login resolve the tenant by the SAML response issuer.
Backend: descope/backend#1280
Related issue: descope/etc#16175
Co-Authored-By: Claude Opus 4.8 (1M context)
---
 lib/management/sso.test.ts | 2 ++
 lib/management/types.ts | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/lib/management/sso.test.ts b/lib/management/sso.test.ts
index 9a24d5625..8a10d8bd0 100644
--- a/lib/management/sso.test.ts
+++ b/lib/management/sso.test.ts
@@ -409,6 +409,7 @@ describe('Management SSO', () => {
 't1',
 {
 idpMetadataUrl: 'https://metadata.com',
+ entityId: 'https://idp.example.com/entity',
 attributeMapping: { name: 'IDP_NAME', email: 'IDP_MAIL' },
 spACSUrl: 'https://spacs.url',
 spEntityId: 'spentityid',
@@ -422,6 +423,7 @@ describe('Management SSO', () => {
 tenantId: 't1',
 settings: {
 idpMetadataUrl: 'https://metadata.com',
+ entityId: 'https://idp.example.com/entity',
 attributeMapping: { name: 'IDP_NAME', email: 'IDP_MAIL' },
 spACSUrl: 'https://spacs.url',
 spEntityId: 'spentityid',
diff --git a/lib/management/types.ts b/lib/management/types.ts
index 9d7c0cee9..b623dbc4b 100644
--- a/lib/management/types.ts
+++ b/lib/management/types.ts
@@ -619,6 +619,8 @@ export type SSOSAMLSettings = {
 export type SSOSAMLByMetadataSettings = {
 idpMetadataUrl: string;
+ /** IdP entity ID - set so IdP-initiated login can resolve the tenant by the SAML response issuer */
+ entityId?: string;
 roleMappings?: RoleMappings;
 attributeMapping?: AttributeMapping;
 defaultSSORoles?: string[];
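Review bot: The doc comment on the new `entityId` field of `SSOSAMLByMetadataSettings` does not say what the value has to match, and because the field decides which tenant an IdP-initiated response is attributed to, a wrong value is a security-relevant misconfiguration rather than a cosmetic one. Nothing in this hunk ties the caller-supplied string to the `entityID` actually published at `idpMetadataUrl`, so the two can diverge silently; whether the backend cross-checks them, or rejects an entity ID already registered to another tenant, is not visible from this patch. I would expand the comment along the lines of `/** IdP entity ID; must equal the entityID in the metadata at idpMetadataUrl and the Issuer of the IdP's SAML responses. Used to resolve the tenant for IdP-initiated login. */` and add a sentence on what happens when the field is omitted. The type's body continues past the end of the hunk.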