feat: SAML #1192

sattvikc · 2025-10-13T07:47:48Z

Summary of change

(A few sentences about this PR)

Related issues

Link to issue1 here
Link to issue1 here

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your
changes work. Bonus points for screenshots and videos!)

Documentation changes

(If relevant, please create a PR in our docs repo, or create a checklist here
highlighting the necessary changes)

Checklist for important updates

Remaining TODOs for this PR

Item1
Item2

…gement

src/main/java/io/supertokens/webserver/api/saml/CreateOrUpdateSamlClientAPI.java

This reverts commit 2d5a07c.

* experiment: Deadlock logger * fix: race issue with oauth refresh (#1199) * fix: race issue with oauth refresh * fix: review comment * fix: remove print * fix: deadlock in resource distributor (#1197) * adding dev-v11.2.1 tag to this commit to ensure building * fix: add deadlock logger * fix: changelog and build version * fix: only start deadlocklogger if it's enabled --------- Co-authored-by: Sattvik Chakravarthy <sattvik@supertokens.com> Co-authored-by: Supertokens Bot <>

src/main/java/io/supertokens/inmemorydb/queries/SAMLQueries.java

src/main/java/io/supertokens/saml/SAMLCertificate.java

src/test/java/io/supertokens/test/PluginTest.java

src/test/java/io/supertokens/test/jwt/api/JWKSAPITest2_21.java

porcellus · 2025-11-13T16:52:01Z

src/main/java/io/supertokens/saml/SAML.java

+            byte[] bytes = metadataXML.getBytes(StandardCharsets.UTF_8);
+            try (InputStream inputStream = new java.io.ByteArrayInputStream(bytes)) {
+                XMLObject xmlObject = XMLObjectSupport.unmarshallFromInputStream(
+                        XMLObjectProviderRegistrySupport.getParserPool(), inputStream);
+                if (xmlObject instanceof EntityDescriptor) {
+                    return (EntityDescriptor) xmlObject;
+                } else {
+                    throw new RuntimeException("Expected EntityDescriptor but got: " + xmlObject.getClass());
+                }
+            }


XML deserialization is a frequent source of security issues - is there anything we need to/can do here?

src/main/java/io/supertokens/saml/SAML.java

sattvikc added 22 commits September 16, 2025 18:43

fix: outline

b252276

fix: login redirect impl

5b417ba

fix: handle SAML callback

ac34056

fix: saml cert management

fccac84

fix: authn request signing

4687aab

fix: working login for azure

3ba6f01

fix: save idp entity id

d886810

fix: use client id from relay state info

faf51af

fix: create or update saml client

6ddd9b6

fix: generate clientId

b12325b

fix: list SAML Clients

6ae7118

fix: remove saml client

dac3293

fix: saml callback and token

ea53cc0

fix: idp flow

86553f6

fix: remove unnecessary logging

f6e0870

fix: apis to work like boxy

f93b4e4

fix: add support for legacy SAML ACS URL and enhance SAML client mana…

75b4ae7

…gement

fix: enforce public tenant in legacy APIs

37910ff

fix: client secret checking in legacy API

eaf3600

fix: cronjob to cleanup saml codes

4c384c0

fix: tests

cffb56d

fix: version update

30cbf80

sattvikc self-assigned this Oct 13, 2025

sattvikc added 6 commits October 13, 2025 16:40

test: create or update saml client

0585be1

test: list and delete saml client

f910cf5

test: create saml login redirect

9ef0000

test: bad inputs for handle saml callback

6106b98

fix: expiration handling

68717b7

test: SAML audience check

cf07b5d

sattvikc commented Oct 15, 2025

View reviewed changes

src/main/java/io/supertokens/webserver/api/saml/CreateOrUpdateSamlClientAPI.java Outdated Show resolved Hide resolved

sattvikc added 2 commits October 29, 2025 13:21

fix: sp metadata and featureflag test

d18b69c

fix: tests

e868164

sattvikc changed the base branch from 11.1 to 11.2 October 29, 2025 10:25

sattvikc and others added 16 commits October 29, 2025 16:27

fix: global logging level

299ed4a

fix: changelog

4aa2715

fix: SAML client count

c7c53c0

fix: saml stats

502dd4b

fix: SAML certificate refresh

ae1d93e

fix: SAML metadata API

2d86bc6

fix: tests

93ee54a

fix: not loading keys on tenant creation

6d822be

fix: deadlock

2d5a07c

fix: removing deadlock causing code

64583cc

fix: removing locks

eb0e8ff

Revert "fix: deadlock"

4be3b1e

This reverts commit 2d5a07c.

fix: index for expires_at

c8c93ed

fix: rename saml cleanup cron task

1be70ee

Merge branch '11.2' into feat/saml/impl-1

2e6fc8f

porcellus requested changes Nov 13, 2025

View reviewed changes

sattvikc added 8 commits November 14, 2025 11:25

fix: tests

87c1df8

fix: tests

2f527db

fix: inmemory tests

74547d7

fix: gradle

0d577d7

fix: deadlock in delete table

dfc3228

fix: in memory test for concurrency

077e1c4

fix: configurable claims and relay state validity and cleanup

fa9f49f

fix: generating secure random for serial number

29b9c2d

porcellus approved these changes Nov 14, 2025

View reviewed changes

fix: bulk import chunking

1858eb3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: SAML #1192

feat: SAML #1192

Uh oh!

sattvikc commented Oct 13, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

porcellus Nov 13, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

feat: SAML #1192

Are you sure you want to change the base?

feat: SAML #1192

Uh oh!

Conversation

sattvikc commented Oct 13, 2025

Summary of change

Related issues

Test Plan

Documentation changes

Checklist for important updates

Remaining TODOs for this PR

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

porcellus Nov 13, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants