© 2025 Medable, Inc. All rights reserved.

SAML Module

Last updated 3 years ago

The SAML module allows you to implement single sign-on (SSO) via the SAML v2.0 protocol. Using this library, you can configure your org to act as a Service Provider.

Import

import { ServiceProvider, IdentityProvider } from 'saml'

IdentityProvider

The configuration for a service that authenticates users in the SAML flow.

IdentityProvider(options)

Creates a new instance of IdentityProvider, required as an argument for ServiceProvider methods.

Arguments

  • options (Object)

    • sso_login_url (String) The login URL to use during a login request.

    • sso_logout_url (String) The logout URL to use during a logout request.

    • certificates (String[]) An array of PEM formatted certificates.

    • force_authn (Boolean=false) If true, forces re-authentication.

    • sign_get_request (Boolean=false) If true, signs the request.

    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.

ServiceProvider

ServiceProvider(options)

A service provider that uses an IdentityProvider for authentication in the SAML flow.

Arguments

  • options (Object)

    • entity_id (String) The unique SP identifier (often the URL of the metadata file).

    • private_key (String) Service provider private key in PEM format.

    • certificate (String) Service provider certificate in PEM format.

    • assert_endpoint (String) The URL of the service provider's assert endpoint.

    • alt_private_keys (String[]) Additional private keys to use when attempting to decrypt responses (for rollover).

    • alt_certs (String[]) Additional certificates to expose in the SAML metadata (for rollover).

    • force_authn (Boolean=false) If true, forces re-authentication.

    • auth_context (String) The SAML AuthnContextClassRef.

    • nameid_format (String) The Name ID format.

    • sign_get_request (Boolean=false) If true, signs the request.

    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.

Returns

  • updated (ServiceProvider) true if the value was set, or false if the cache value did not initially equal chk.

ServiceProvider.create_login_request_url(idp, options)

Get a URL to initiate a login.

Arguments

  • idp (IdentityProvider) An IdentityProvider instance.

  • options (Object)

    • relay_state (String) The SAML relay state.

    • force_authn (Boolean=false) If true, forces re-authentication.

    • auth_context (String) The SAML AuthnContextClassRef.

    • nameid_format (String) The Name ID format.

    • sign_get_request (Boolean=false) If true, signs the request.

Returns

  • response (Object)

    • url The request URL.

    • id The request ID.

ServiceProvider.create_logout_request_url(idp, options)

Creates a SAML Request URL to initiate a user logout.

Arguments

  • idp (IdentityProvider) An IdentityProvider instance.

  • options (Object)

    • relay_state (String) The SAML relay state.

    • nameid_format (String) The Name ID format.

    • sign_get_request (Boolean=false) If true, signs the request.

    • session_index (String) The session index to use.

    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.

Returns

  • url (String) The request url.

ServiceProvider.create_logout_response_url(idp, options)

Creates a SAML Response URL to confirm a successful IdP initiated logout.

Arguments

  • idp (IdentityProvider) An IdentityProvider instance.

  • options (Object)

    • in_response_to (String) The ID of the request that this is in response to. Should be checked against any sent request IDs.

    • sign_get_request (Boolean=false) If true, signs the request.

    • relay_state (String) The SAML relay state.

Returns

  • url (String) The request url.

ServiceProvider.create_metadata()

Returns the XML metadata used during the initial SAML configuration.

Returns

  • url (String)

ServiceProvider.post_assert(idp, options)

Gets a SAML response object if the login attempt is valid, used for post binding.

Arguments

  • idp (IdentityProvider) An IdentityProvider instance.

  • options (Object)

    • request_body (Object) An object containing the parsed query string parameters. This object should contain the value for either a SAMLResponse or SAMLRequest.

    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.

    • require_session_index (Boolean=false) If false, allows the assertion to be valid without a SessionIndex attribute on the AuthnStatement node.

Returns

  • response (Object) A SAML response object.

    • response_header (Object)

      • id (String)

      • destination (String)

      • in_response_to (String)

    • type "authn_response" (String)

    • user (Object)

      • name_id (String)

      • session_index (String)

      • attributes (Object)
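
An added example (not from the Medable documentation) of an SP-initiated login built on create_login_request_url and post_assert: it records the request id and accepts a response only when response_header.in_response_to matches a request that is still pending. It assumes the methods return synchronously as listed under "Returns"; beginLogin, completeLogin, pending and maxAgeMs are hypothetical names.

```javascript
// Added example, not Medable's code. In a Cortex script `sp` and `idp` would be
// built with: import { ServiceProvider, IdentityProvider } from 'saml'
// Assumptions: the calls return synchronously as documented under "Returns";
// `pending` is any Map-like store that survives between the two requests.

const STRICT_ASSERT = {
  allow_unencrypted_assertion: false, // keep the documented default
  require_session_index: true         // stricter than the documented default (false)
}

// Step 1: build the redirect URL and remember the AuthnRequest id.
function beginLogin(sp, idp, pending, relayState) {
  const { url, id } = sp.create_login_request_url(idp, { relay_state: relayState })
  pending.set(id, { relayState, issuedAt: Date.now() })
  return url
}

// Step 2: validate the POSTed SAMLResponse and bind it to a request we sent.
function completeLogin(sp, idp, pending, requestBody, maxAgeMs = 5 * 60 * 1000) {
  const response = sp.post_assert(idp, { request_body: requestBody, ...STRICT_ASSERT })
  if (response.type !== 'authn_response') {
    throw new Error('unexpected SAML message type: ' + response.type)
  }
  const requestId = response.response_header.in_response_to
  const sent = requestId ? pending.get(requestId) : undefined
  if (!sent) {
    // Unsolicited (IdP-initiated), replayed, or mismatched InResponseTo.
    throw new Error('SAML response does not match a pending login request')
  }
  pending.delete(requestId) // each request id is accepted once
  if (Date.now() - sent.issuedAt > maxAgeMs) {
    throw new Error('SAML login request expired')
  }
  // Return the relay state we stored, not one taken from the incoming body.
  return { user: response.user, relayState: sent.relayState }
}
```
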

ServiceProvider.redirect_assert(idp, options)

Gets a SAML response object if the login attempt is valid, used for redirect binding.

Arguments

  • idp (IdentityProvider) An IdentityProvider instance.

  • options (Object)

    • request_body (Object) An object containing the parsed query string parameters. This object should contain the value for either a SAMLResponse or SAMLRequest.

    • allow_unencrypted_assertion (Boolean=false) If true, allows unencrypted assertions.

    • require_session_index (Boolean=false) If false, allows the assertion to be valid without a SessionIndex attribute on the AuthnStatement node.

Returns

  • response (Object) A SAML response object.

    • response_header (Object)

      • id (String)

      • destination (String)

      • in_response_to (String)

    • type "authn_response" (String)

    • user (Object)

      • name_id (String)

      • session_index (String)

      • attributes (Object)
