Remove wrong info that SAML metadata options can be URLs (#18116)

* Improve typings in saml auth driver

* Remove wrong info that SAML metadata options can be URLs
Pascal Jufer
2023-04-10 15:11:36 +02:00
committed by GitHub
parent 8ea94c317b
commit 3dff09346a
2 changed files with 15 additions and 15 deletions


@@ -16,12 +16,12 @@ import asyncHandler from '../../utils/async-handler.js';
import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
import { LocalAuthDriver } from './local.js';
// tell samlify to use validator...
// Register the samlify schema validator
samlify.setSchemaValidator(validator);
export class SAMLAuthDriver extends LocalAuthDriver {
idp: any;
sp: any;
sp: samlify.ServiceProviderInstance;
idp: samlify.IdentityProviderInstance;
usersService: UsersService;
config: Record<string, any>;
@@ -82,7 +82,7 @@ export class SAMLAuthDriver extends LocalAuthDriver {
}
}
// There's no local checks to be done when the user is authenticated in the IDP
// There's no local checks to be done when the user is authenticated in the IdP
override async login(_user: User): Promise<void> {
return;
}
@@ -103,7 +103,7 @@ export function createSAMLAuthRouter(providerName: string) {
'/',
asyncHandler(async (req, res) => {
const { sp, idp } = getAuthProvider(providerName) as SAMLAuthDriver;
const { context: url } = await sp.createLoginRequest(idp, 'redirect');
const { context: url } = sp.createLoginRequest(idp, 'redirect');
const parsedUrl = new URL(url);
if (req.query['redirect']) {
@@ -118,7 +118,7 @@ export function createSAMLAuthRouter(providerName: string) {
'/logout',
asyncHandler(async (req, res) => {
const { sp, idp } = getAuthProvider(providerName) as SAMLAuthDriver;
const { context } = await sp.createLogoutRequest(idp, 'redirect', req.body);
const { context } = sp.createLogoutRequest(idp, 'redirect', req.body);
const authService = new AuthenticationService({ accountability: req.accountability, schema: req.schema });
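Review bot: In the `/logout` handler the rewritten call `sp.createLogoutRequest(idp, 'redirect', req.body)` still hands the entire client-supplied request body to samlify as the logout subject, and because `req.body` is untyped the new `ServiceProviderInstance` typing does not check it. Whatever values the library copies into the LogoutRequest (presumably the NameID and session index) are therefore chosen by the caller rather than taken from the authenticated session. I would narrow the body first and forward only the expected string fields, and until then put `// req.body is client-controlled: validate it before it is placed in the LogoutRequest` above the call. The handler continues past the end of this hunk, so any check made later is not visible here.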


@@ -830,20 +830,20 @@ without a password.
- Identity provider (IdP) authenticates users and provides to service providers an authentication assertion that
indicates a user has been authenticated.
| Variable | Description | Default Value |
| ------------------------------------------- | -------------------------------------------------------------------------- | ------------- |
| `AUTH_<PROVIDER>_SP_metadata` | String containing XML metadata for service provider or URL to a remote URL | -- |
| `AUTH_<PROVIDER>_IDP_metadata` | String containing XML metadata for identity provider or URL to a remote URL | -- |
| `AUTH_<PROVIDER>_ALLOW_PUBLIC_REGISTRATION` | Automatically create accounts for authenticating users. | `false` |
| `AUTH_<PROVIDER>_DEFAULT_ROLE_ID` | A Directus role ID to assign created users. | -- |
| `AUTH_<PROVIDER>_IDENTIFIER_KEY` | User profile identifier key <sup>[1]</sup>. Will default to `EMAIL_KEY`. | -- |
| `AUTH_<PROVIDER>_EMAIL_KEY` | User profile email key. | `email` |
| Variable | Description | Default Value |
| ------------------------------------------- | ------------------------------------------------------------------------ | ------------- |
| `AUTH_<PROVIDER>_SP_metadata` | String containing XML metadata for service provider | -- |
| `AUTH_<PROVIDER>_IDP_metadata` | String containing XML metadata for identity provider | -- |
| `AUTH_<PROVIDER>_ALLOW_PUBLIC_REGISTRATION` | Automatically create accounts for authenticating users. | `false` |
| `AUTH_<PROVIDER>_DEFAULT_ROLE_ID` | A Directus role ID to assign created users. | -- |
| `AUTH_<PROVIDER>_IDENTIFIER_KEY` | User profile identifier key <sup>[1]</sup>. Will default to `EMAIL_KEY`. | -- |
| `AUTH_<PROVIDER>_EMAIL_KEY` | User profile email key. | `email` |
<sup>[1]</sup> When authenticating, Directus will match the identifier value from the external user profile to a
Directus users "External Identifier".
The `SP_metadata` and `IDP_metadata` variables should be set to the XML metadata provided by the service provider and
identity provider respectively or can be set to a URL that will be fetched on startup.
identity provider respectively.
### Example: Multiple Auth Providers