diff --git a/packages/sso/src/routes/sso.ts b/packages/sso/src/routes/sso.ts
index 6950298363..d95855c07f 100644
--- a/packages/sso/src/routes/sso.ts
+++ b/packages/sso/src/routes/sso.ts
@@ -10,7 +10,6 @@ import {
 import {
 APIError,
 createAuthEndpoint,
- originCheck,
 sessionMiddleware,
 } from "better-auth/api";
 import { setSessionCookie } from "better-auth/cookies";
@@ -110,7 +109,9 @@ export const spMetadata = () => {
 assertionConsumerService: [
 {
 Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
- Location: `${ctx.context.baseURL}/sso/saml2/sp/acs/${ctx.query.providerId}`,
+ Location:
+ parsedSamlConfig.callbackUrl ||
+ `${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.id}`,
 },
 ],
 wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
@@ -1476,7 +1477,6 @@ export const callbackSSOSAML = (options?: SSOOptions) => {
 SAMLResponse: z.string(),
 RelayState: z.string().optional(),
 }),
- use: [originCheck((ctx) => ctx.body.RelayState)],
 metadata: {
 isAction: false,
 allowedMediaTypes: [
@@ -1604,7 +1604,7 @@ export const callbackSSOSAML = (options?: SSOOptions) => {
 : [
 {
 Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
- Location: `${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`,
+ Location: parsedSamlConfig.callbackUrl,
 },
 ],
 privateKey: spData?.privateKey || parsedSamlConfig.privateKey,
@@ -1820,7 +1822,9 @@ export const acsEndpoint = (options?: SSOOptions) => {
 "/sso/saml2/sp/acs/:providerId",
 {
 method: "POST",
-
+ params: z.object({
+ providerId: z.string().optional(),
+ }),
 body: z.object({
 SAMLResponse: z.string(),
 RelayState: z.string().optional(),
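Review bot: The ACS `Location` published in SP metadata now comes from a stored provider value, `parsedSamlConfig.callbackUrl`, and the fallback switches from `ctx.query.providerId` to `provider.id`; where `provider` is resolved and whether `callbackUrl` is validated when the provider is registered are both outside this hunk, so I would confirm that a registration caller cannot advertise an arbitrary host as this SP's assertion consumer. The intent also deserves a line so the next reader does not "fix" the `||`: `// Advertised ACS URL: a configured callbackUrl wins; otherwise the built-in route for this provider.`. The enclosing `spMetadata` handler starts and ends outside the hunk.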
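Review bot: Dropping `use: [originCheck((ctx) => ctx.body.RelayState)]` removes the only visible validation of `RelayState`, a value the IdP's POST form carries verbatim from whoever initiated the flow, and nothing added in this diff validates it elsewhere. If the handler later redirects the browser to `RelayState` (its body is outside the hunk), this is now an open redirect; the check should be reinstated, either by keeping `use: [originCheck((ctx) => ctx.body.RelayState)],` or, if it was removed because the cross-site IdP POST itself fails the middleware, by rejecting a `RelayState` that does not match `ctx.context.trustedOrigins` inside the handler before any redirect. The `originCheck` import removed in the first hunk should come back with it.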
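Review bot: In the `callbackSSOSAML` hunk the SP `Location` becomes `parsedSamlConfig.callbackUrl` with no fallback, while the `spMetadata` and `acsEndpoint` hunks in this same diff fall back to the built-in ACS route; if `callbackUrl` is optional in the config schema (its definition is outside the diff), this SP object ends up with an undefined assertion consumer URL that no longer matches what the metadata advertised. I would make the three sites agree: `Location: parsedSamlConfig.callbackUrl || \`${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}\`,`. The enclosing handler starts and ends outside the hunk.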
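Review bot: The new `params` schema declares `providerId` as `z.string().optional()` on a route whose path, `/sso/saml2/sp/acs/:providerId`, always carries it, so the optionality needs a stated reason; if the endpoint is meant to also serve a custom `callbackUrl` without the segment, the handler (outside the hunk) has to resolve the provider some other way, presumably from the SAMLResponse issuer, and that issuer must not be trusted until the signature has been verified against the stored certificate. A one-line comment would settle it: `// providerId is absent when the IdP posts to a configured callbackUrl; the provider is then resolved from the response itself.` Otherwise `z.string().min(1)` is the more accurate type.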
@@ -1919,7 +1921,9 @@ export const acsEndpoint = (options?: SSOOptions) => {
 assertionConsumerService: [
 {
 Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
- Location: `${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`,
+ Location:
+ parsedSamlConfig.callbackUrl ||
+ `${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`,
 },
 ],
 wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,
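Review bot: The SP object that verifies the incoming response now takes its ACS `Location` from the stored `parsedSamlConfig.callbackUrl`, and any Destination or recipient check the SAML library performs will be made against that value rather than against the URL this endpoint is actually mounted on. That is only safe if `callbackUrl` is constrained at provider-registration time to an absolute URL under one of this deployment's trusted origins, which this diff does not show; please confirm, and record the dependency next to the field: `// Must equal the ACS URL advertised in SP metadata and the one the IdP posts to; callbackUrl is validated at registration.`. The enclosing `acsEndpoint` handler starts and ends outside the hunk.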