Saml 2 Identity Provider Blueprint
SAML 2.0 identity provider with assertions and metadata
| Feature | saml-2-identity-provider |
| Category | Auth |
| Version | 1.0.0 |
| Tags | saml2, identity-provider |
| YAML Source | View on GitHub |
| JSON API | saml-2-identity-provider.json |
Fields
| Name | Type | Required | Label | Description |
|---|---|---|---|---|
issuer_entity_id | text | Yes | Issuer Entity ID | Validations: required |
assertion_consumer_url | url | Yes | Assertion Consumer URL | Validations: required, url |
Rules
- core: SAML protocol compliance
Outcomes
Assertion_issued (Priority: 5)
Given:
issuer_entity_idexistsnull
Then:
- emit_event event:
saml.assertion_created
Result: SAML assertion issued
Errors
| Code | Status | Message | Retry |
|---|---|---|---|
INVALID_ISSUER | 400 | Invalid issuer | No |
Events
| Event | Description | Payload |
|---|---|---|
saml.assertion_created | SAML assertion created | assertion_id |
AGI Readiness
Goals
Reliable Saml 2 Identity Provider
SAML 2.0 identity provider with assertions and metadata
Success Metrics:
| Metric | Target | Measurement |
|---|---|---|
| unauthorized_access_rate | 0% | Failed authorization attempts that succeed |
| response_time_p95 | < 500ms | 95th percentile response time |
Constraints:
- security (non-negotiable): Follow OWASP security recommendations
Autonomy
Level: supervised
Human Checkpoints:
- before making irreversible changes
Escalation Triggers:
error_rate > 5consecutive_failures > 3
Verification
Invariants:
- error messages never expose internal system details
Tradeoffs
| Prefer | Over | Reason |
|---|---|---|
| security | performance | authentication must prioritize preventing unauthorized access |
Safety
| Action | Permission | Cooldown | Max Auto |
|---|---|---|---|
| assertion_issued | autonomous | - | - |