<%= form_with model: @encrypted_config, url: settings_sso_path, method: :patch, local: true, multipart: true, class: "space-y-4" do |f| %>
<%= svg_icon('info_circle', class: 'w-6 h-6') %>

SAML SSO Configuration

Configure SAML 2.0 Single Sign-On for your organization. Users will be able to sign in using your identity provider.

<% saml_config = @encrypted_config.value.present? ? JSON.parse(@encrypted_config.value) : {} %>

Quick Setup: Upload IdP Metadata

Upload your Identity Provider's metadata XML file to automatically populate the configuration below.

<%= label_tag 'idp_metadata_file', 'IdP Metadata XML File', class: 'label' %> <%= file_field_tag 'idp_metadata_file', accept: '.xml,application/xml,text/xml', class: 'file-input file-input-bordered w-full' %>
Select your IdP's metadata.xml file to auto-configure SAML settings
<%= submit_tag 'Parse Metadata', class: 'btn btn-primary btn-sm' %>
OR configure manually
<%= label_tag 'saml_config[idp_sso_service_url]', 'Identity Provider SSO URL', class: 'label' %> <%= text_field_tag 'saml_config[idp_sso_service_url]', saml_config['idp_sso_service_url'], class: 'input input-bordered w-full', placeholder: 'https://your-idp.com/sso/saml', required: true %>
The URL where users will be redirected to authenticate
<%= label_tag 'saml_config[idp_cert_fingerprint]', 'Identity Provider Certificate Fingerprint', class: 'label' %> <%= text_field_tag 'saml_config[idp_cert_fingerprint]', saml_config['idp_cert_fingerprint'], class: 'input input-bordered w-full', placeholder: 'AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD', required: true %>
SHA1 fingerprint of your IdP's certificate
<%= label_tag 'saml_config[sp_entity_id]', 'Service Provider Entity ID', class: 'label' %> <%= text_field_tag 'saml_config[sp_entity_id]', saml_config['sp_entity_id'] || 'docuseal', class: 'input input-bordered w-full', placeholder: 'docuseal', required: true %>
Unique identifier for this DocuSeal instance
<%= label_tag 'saml_config[name_identifier_format]', 'Name ID Format', class: 'label' %>
<%= select_tag 'saml_config[name_identifier_format]',
      options_for_select([
        ['Email Address', 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'],
        ['Persistent', 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'],
        ['Transient', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
      ], saml_config['name_identifier_format'] || 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'),
      class: 'select select-bordered w-full' %>
Format for the user identifier sent by your IdP
Attribute Mapping
<%= label_tag 'saml_config[email_attribute]', 'Email Attribute', class: 'label' %> <%= text_field_tag 'saml_config[email_attribute]', saml_config['email_attribute'] || 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', class: 'input input-bordered w-full', placeholder: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' %>
SAML attribute name that contains the user's email
<%= label_tag 'saml_config[first_name_attribute]', 'First Name Attribute', class: 'label' %> <%= text_field_tag 'saml_config[first_name_attribute]', saml_config['first_name_attribute'] || 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname', class: 'input input-bordered w-full', placeholder: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname' %>
SAML attribute name that contains the user's first name
<%= label_tag 'saml_config[last_name_attribute]', 'Last Name Attribute', class: 'label' %> <%= text_field_tag 'saml_config[last_name_attribute]', saml_config['last_name_attribute'] || 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname', class: 'input input-bordered w-full', placeholder: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname' %>
SAML attribute name that contains the user's last name
Service Provider Information
<%= svg_icon('info_circle', class: 'w-6 h-6') %>

Configuration URLs for your Identity Provider

Assertion Consumer Service URL:

<%= "#{request.base_url}/auth/saml/callback" %>

SP Metadata URL:

SP Entity ID:

<%= saml_config['sp_entity_id'] || 'docuseal' %>
<%= f.submit 'Save SAML Configuration', class: 'btn btn-primary' %>
<% if @encrypted_config.persisted? && @encrypted_config.value.present? %>
  <%= link_to 'Test SAML Login', user_saml_omniauth_authorize_path, method: :post, class: 'btn btn-outline', data: { turbo: false } %>
<% end %>
<% end %>
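
The "Parse Metadata" upload above has to turn an IdP metadata document into the `idp_sso_service_url` and `idp_cert_fingerprint` fields. The following is an added example of one way to do that extraction defensively; it is not code from this template or from DocuSeal. The names `parse_idp_metadata`, `constructed_cert`, `constructed_metadata` and the host `idp.example.test` are assumptions made for illustration, and the certificate and metadata are constructed at run time.

```ruby
require 'openssl'
require 'digest'
require 'rexml/document'

NS = { 'md' => 'urn:oasis:names:tc:SAML:2.0:metadata',
       'ds' => 'http://www.w3.org/2000/09/xmldsig#' }.freeze

# Hypothetical helper: returns values keyed like the saml_config form fields.
def parse_idp_metadata(xml)
  # The file is authored outside this application: refuse any DTD outright.
  raise ArgumentError, 'DOCTYPE not allowed in metadata' if xml =~ /<!DOCTYPE/i
  idp = REXML::XPath.first(REXML::Document.new(xml), '//md:IDPSSODescriptor', NS) or
    raise ArgumentError, 'no IDPSSODescriptor'
  sso = REXML::XPath.first(idp, 'md:SingleSignOnService', NS) or
    raise ArgumentError, 'no SingleSignOnService'
  url = sso.attributes['Location'].to_s
  raise ArgumentError, 'SSO URL must be https' unless url.start_with?('https://')
  # Skip encryption-only keys: the fingerprint must pin the signing certificate.
  key = REXML::XPath.match(idp, 'md:KeyDescriptor', NS)
                    .find { |k| k.attributes['use'] != 'encryption' } or
    raise ArgumentError, 'no signing KeyDescriptor'
  b64 = REXML::XPath.first(key, 'ds:KeyInfo/ds:X509Data/ds:X509Certificate', NS)&.text.to_s
  cert = OpenSSL::X509::Certificate.new(b64.unpack1('m')) # raises on non-certificate data
  sha1 = Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
  { 'idp_sso_service_url' => url, 'idp_cert_fingerprint' => sha1 }
end

# Constructed sample input: a throwaway self-signed certificate.
def constructed_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=idp.example.test')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Constructed sample input: minimal IdP metadata wrapping that certificate.
def constructed_metadata(cert, location = 'https://idp.example.test/sso/saml')
  <<~XML
    <md:EntityDescriptor xmlns:md="#{NS['md']}" xmlns:ds="#{NS['ds']}" entityID="https://idp.example.test/metadata">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>#{[cert.to_der].pack('m0')}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="#{location}"/>
      </md:IDPSSODescriptor>
    </md:EntityDescriptor>
  XML
end
```

The fingerprint comes back in the colon-separated, 20-byte form shown in the field's placeholder, so an administrator can compare it against the value the IdP publishes out of band before saving.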