• Public
  • Public/Protected
  • All

Interface EndpointSAMLMutate


  • EndpointSAMLMutate



Optional allowIdpInitiated

allowIdpInitiated: boolean

If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.


authorizedGroups: string[]

If present, only users who are a member of one of the listed groups may access the target endpoint.


cookiePrefix: string

the prefix of the session cookie that ngrok sets on the http client to cache authentication. default is 'ngrok.'

Optional enabled

enabled: boolean

true if the module will be applied to traffic, false to disable. default true if unspecified


forceAuthn: boolean

If true, indicates that whenever we redirect a user to the IdP for authentication that the IdP must prompt the user for authentication credentials even if the user already has a valid session with the IdP.


idpMetadata: string

The full XML IdP EntityDescriptor. Your IdP may provide this to you as a a file to download or as a URL.


inactivityTimeout: number

Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.


maximumDuration: number

Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.


nameidFormat: string

Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.


optionsPassthrough: boolean

Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.

Generated using TypeDoc