From f23de2fa223de316aa9e840365b5c28052037257 Mon Sep 17 00:00:00 2001
From: Antoine Moreaux
Date: Fri, 24 Jan 2025 14:52:42 +0100
Subject: [PATCH] chore(auth): update SAML strategy configuration (#9829)
Added `disableRequestedAuthnContext` flag to SAML auth strategy to align with compatibility requirements. Adjustments ensure seamless integration with certain Identity Providers. No functional impact on existing flows.
---
 .../engine/core-modules/auth/strategies/saml.auth.strategy.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/saml.auth.strategy.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/saml.auth.strategy.ts
index d18e0c79d..822b80f5e 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/saml.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/saml.auth.strategy.ts
@@ -36,9 +36,10 @@ export class SamlAuthStrategy extends PassportStrategy(
 issuer: this.sSOService.buildIssuerURL(identityProvider),
 callbackUrl: this.sSOService.buildCallbackUrl(identityProvider),
 idpCert: identityProvider.certificate,
- wantAssertionsSigned: false,
 // TODO: Improve the feature by sign the response
+ wantAssertionsSigned: false,
 wantAuthnResponseSigned: false,
+ disableRequestedAuthnContext: true,
 signatureAlgorithm: 'sha256',
 };
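Review bot: `disableRequestedAuthnContext: true` is hard-coded in the config literal, so it applies to every SAML identity provider rather than only the ones that need it, and nothing on the line records why. With the flag set the AuthnRequest no longer asks the IdP for a particular authentication context, so any assurance level the application expects would have to be checked on what the IdP returns. Since `wantAssertionsSigned` and `wantAuthnResponseSigned` are both `false` in the same object, this is one more relaxation in an already permissive config and should be marked as deliberate. I would read the value from the identity provider record if it can carry such a setting, or at minimum add a comment above the line such as `// Omit RequestedAuthnContext for IdPs that reject the default class; the SP then requests no specific authentication context.` The config literal opens above this hunk, so how the object is consumed is not visible here.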