matrix-org · clokep · Nov 19, 2020 · Oct 21, 2020 · Oct 22, 2020 · Oct 22, 2020
@@ -0,0 +1 @@
+Allow specification of the SAML IdP if the metadata returns multiple IdPs.
@@ -61,6 +61,7 @@ class SamlHandler:
     def __init__(self, hs: "synapse.server.HomeServer"):
         self.hs = hs
         self._saml_client = Saml2Client(hs.config.saml2_sp_config)
+        self._saml_idp_entityid = hs.config.saml2_sp_config.getattr("idp")
         self._auth = hs.get_auth()
         self._auth_handler = hs.get_auth_handler()
         self._registration_handler = hs.get_registration_handler()
@@ -124,7 +125,7 @@ def handle_redirect_request(
             URL to redirect to
         """
         reqid, info = self._saml_client.prepare_for_authenticate(
-            relay_state=client_redirect_url
+            entityid=self._saml_idp_entityid, relay_state=client_redirect_url
         )
 
         # Since SAML sessions timeout it is useful to log when they were created.