specify entityid in AuthnRequest in SAML

docs/dev/saml.rst

@@ -10,6 +10,9 @@ needs to point to the SAML provider metadata url, eg https://app.onelogin.com/sa
 And an optional REDASH_SAML_CALLBACK_SERVER_NAME which contains the
  server name of the redash server for the callbacks from the SAML provider (eg demo.redash.io)
 
+If you want to specify entityid in AuthnRequest,
+add REDASH_SAML_ENTITY_ID config value, eg http://demo.redash.io/saml/callback
+
 On the SAML provider side, example configuration for OneLogin is:
 SAML Consumer URL: http://demo.redash.io/saml/login
 SAML Audience: http://demo.redash.io/saml/callback

redash/authentication/saml_auth.py

@@ -63,6 +63,9 @@ def get_saml_client():
             },
         },
     }
+    if settings.SAML_ENTITY_ID != "":
+        saml_settings['entityid'] = settings.SAML_ENTITY_ID
+
     spConfig = Saml2Config()
     spConfig.load(saml_settings)
     spConfig.allow_unknown_attributes = True

redash/settings.py

@@ -88,6 +88,7 @@ GOOGLE_CLIENT_ID = os.environ.get("REDASH_GOOGLE_CLIENT_ID", "")
 GOOGLE_CLIENT_SECRET = os.environ.get("REDASH_GOOGLE_CLIENT_SECRET", "")
 GOOGLE_OAUTH_ENABLED = GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET
 
+SAML_ENTITY_ID = os.environ.get("REDASH_SAML_ENTITY_ID", "")
 SAML_METADATA_URL = os.environ.get("REDASH_SAML_METADATA_URL", "")
 SAML_LOGIN_ENABLED = SAML_METADATA_URL != ""
 SAML_CALLBACK_SERVER_NAME = os.environ.get("REDASH_SAML_CALLBACK_SERVER_NAME", "")