This guide explains the settings you need to configure SAML on your Identity Provider so that it works with Ory Polis. Once set up, your IdP returns an XML metadata file that you then register with Ory Polis using the Polis API or the addConnection controller method.
Service Provider settings
Create the following entries in your IdP exactly as shown:

| Setting | Value |
|---|---|
| Assertion Consumer Service URL / Single Sign-On URL / Destination URL | http://localhost:5225/api/oauth/saml |
| Entity ID / Identifier / Audience URI / Audience Restriction | https://saml.boxyhq.com |
| Response | Signed |
| Assertion Signature | Signed |
| Signature Algorithm | RSA-SHA256 |
| Assertion Encryption | Unencrypted |
The deployed Ory Polis service exposes the Service Provider (SP) metadata for the values above at /.well-known/saml-configuration.

SAML profile, claims, and attribute mapping

Ory Polis supports four attributes in the incoming SAML claims: id, email, firstName, and lastName. The table below shows how the standard SAML attribute URIs map to these fields for most Identity Providers. Some providers use custom names; refer to that provider's documentation for the exact mapping.

| SAML Attribute | Ory Polis mapping |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | id |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | email |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | firstName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | lastName |
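To see what the Service Provider settings table and the claim mapping table amount to once an IdP actually sends a response, here is an added example (not code from the TrueFoundry documentation or from Ory Polis itself). It parses a constructed, unsigned SAML Response, checks its Destination and Audience against the ACS URL and Entity ID from the settings table, and maps the four standard claim URIs to the Ory Polis fields, reporting which of the four the IdP failed to supply. The sample documents, the function names and the use of Python's standard XML parser are assumptions made for illustration; the XML signatures that Ory Polis requires on both the Response and the Assertion are not verified here.

```python
import xml.etree.ElementTree as ET

# XML namespaces used by SAML 2.0 responses and assertions
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Service Provider values from the settings table above
ACS_URL = "http://localhost:5225/api/oauth/saml"
ENTITY_ID = "https://saml.boxyhq.com"

# Standard claim URIs mapped to the four Ory Polis fields (from the mapping table)
CLAIM_MAP = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "id",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "email",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "firstName",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "lastName",
}
REQUIRED_FIELDS = ("id", "email", "firstName", "lastName")

# Constructed sample Response (assumption, not captured from any IdP): minimal and
# unsigned, used only to exercise the checks below. A real response carries XML
# signatures on the Response and the Assertion, which this example does not verify.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" Destination="http://localhost:5225/api/oauth/saml">
  <saml:Assertion ID="_asrt1" Version="2.0">
    <saml:Subject><saml:NameID>user-1234</saml:NameID></saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://saml.boxyhq.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier">
        <saml:AttributeValue>user-1234</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <saml:AttributeValue>Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

# Second constructed sample: the IdP was given the wrong Entity ID and sends an
# empty surname attribute, to show what the checks report for a misconfigured IdP.
SAMPLE_MISCONFIGURED = SAMPLE_RESPONSE.replace(
    "https://saml.boxyhq.com", "https://sp.example.invalid"
).replace("<saml:AttributeValue>Doe</saml:AttributeValue>", "")


def check_sp_settings(xml_text):
    """Compare the Response against the SP settings table; return a list of mismatches."""
    root = ET.fromstring(xml_text)
    problems = []
    destination = root.get("Destination")
    if destination != ACS_URL:
        problems.append(f"Destination {destination!r} != ACS URL {ACS_URL!r}")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences!r} does not include Entity ID {ENTITY_ID!r}")
    return problems


def map_claims(xml_text):
    """Map the Assertion's attributes to Ory Polis fields.

    Returns (mapped, missing): the fields found with a non-empty value, and the
    Ory Polis fields for which the IdP supplied no usable attribute.
    """
    root = ET.fromstring(xml_text)
    mapped = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        field = CLAIM_MAP.get(attr.get("Name"))
        if field is None:
            continue  # attribute outside the four supported claims; ignored
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and value.text and value.text.strip():
            mapped[field] = value.text.strip()
    missing = [f for f in REQUIRED_FIELDS if f not in mapped]
    return mapped, missing


if __name__ == "__main__":
    for label, doc in (("good", SAMPLE_RESPONSE), ("misconfigured", SAMPLE_MISCONFIGURED)):
        print(label, check_sp_settings(doc), map_claims(doc))
```

For an IdP that emits custom attribute names, extend CLAIM_MAP with that provider's URIs; the mapping logic is otherwise unchanged. Running the block prints an empty problem list and all four fields for the well-formed sample, and an Audience mismatch plus a missing lastName for the misconfigured one.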
Next steps
After you complete the IdP-side configuration:

- Download the IdP metadata XML from your Identity Provider.
- Create a new SAML connection in Ory Polis using that metadata.
- Point TrueFoundry SSO at your Ory Polis deployment as described in the SSO Overview.