Description
Greetings,
The line

**SAML Entity ID** should be the URL to your Redash instance

seems to be misleading in quite a lot of cases.

This value is used as `entity_id` in https://github.com/getredash/redash/blob/master/redash/authentication/saml_auth.py#L17 to generate the inline SAML metadata passed to PySAML2.

When using dynamic configuration, Redash directly downloads the metadata from the configured IdP, and in the various cases I've seen the EntityID/entity_id is very rarely the final application homepage, i.e. Redash.
Here are a few examples:

- AWS Identity Center / SSO
  `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2?idpid=randomid...`
- Google Workspace / GSuite
  `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://portal.sso.region.amazonaws.com/saml/assertion/randomid...`
- Example found at https://wiki.geant.org/display/eduGAIN/Basic+IdP+Metadata+Example
  `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.com/idp/shibboleth"`
- Example found at https://www.ibm.com/docs/en/tarm/8.8.0?topic=authentication-example-idp-metadata
  `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exkexl6xc9MhzqiC30h7">`
Could the documentation be updated to reflect that the Entity ID should be set to the `entityID` attribute value found in the metadata XML on the `md:EntityDescriptor` tag?
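As an added example (not code from the issue or from Redash), a small parser that pulls the `entityID` attribute referred to above out of IdP metadata of the kind dynamic configuration downloads, and compares it with a configured value. It also handles an `md:EntitiesDescriptor` aggregate (federation metadata), which the post's single-entity examples do not show; the sample metadata is constructed and uses the hypothetical host `idp.example.com`.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENTITY_DESCRIPTOR = f"{{{MD_NS}}}EntityDescriptor"
ENTITIES_DESCRIPTOR = f"{{{MD_NS}}}EntitiesDescriptor"
IDP_SSO_DESCRIPTOR = f"{{{MD_NS}}}IDPSSODescriptor"

# Constructed sample IdP metadata (hypothetical host); same shape as the
# documents quoted in the issue. The entityID identifies the issuer of this
# metadata (the IdP) and is an opaque identifier, not the SP's homepage URL.
SAMPLE_IDP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.com/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.com/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def idp_entity_ids(metadata_xml: str) -> list[str]:
    """Return the entityID of every IdP described in the metadata.

    Accepts a single md:EntityDescriptor root or an md:EntitiesDescriptor
    aggregate. Entities with no IDPSSODescriptor (e.g. SPs listed in an
    aggregate) are skipped. For metadata fetched from a remote URL, parse
    with defusedxml.ElementTree instead of the stdlib parser.
    """
    root = ET.fromstring(metadata_xml)
    if root.tag == ENTITY_DESCRIPTOR:
        descriptors = [root]
    elif root.tag == ENTITIES_DESCRIPTOR:
        descriptors = list(root.iter(ENTITY_DESCRIPTOR))
    else:
        raise ValueError(f"unexpected root element {root.tag!r}")
    ids = []
    for ed in descriptors:
        if ed.find(IDP_SSO_DESCRIPTOR) is None:
            continue
        entity_id = ed.get("entityID")
        if not entity_id:
            raise ValueError("md:EntityDescriptor without an entityID attribute")
        ids.append(entity_id)
    return ids


def configured_value_matches_idp(configured: str, metadata_xml: str) -> bool:
    """Exact string comparison: entityIDs are opaque, so no URL normalisation
    (scheme, trailing slash, case) is applied before comparing."""
    return configured in idp_entity_ids(metadata_xml)
```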