From a729601dff6ec37201848b389c2c90909eb60e09 Mon Sep 17 00:00:00 2001 From: zoetrope Date: Thu, 13 Oct 2016 10:19:41 +0900 Subject: [PATCH] specify entityid in AuthnRequest in SAML --- docs/dev/saml.rst | 3 +++ redash/authentication/saml_auth.py | 3 +++ redash/settings.py | 1 + 3 files changed, 7 insertions(+) diff --git a/docs/dev/saml.rst b/docs/dev/saml.rst index 5fff029b4..1fd30a845 100644 --- a/docs/dev/saml.rst +++ b/docs/dev/saml.rst @@ -10,6 +10,9 @@ needs to point to the SAML provider metadata url, eg https://app.onelogin.com/sa And an optional REDASH_SAML_CALLBACK_SERVER_NAME which contains the server name of the redash server for the callbacks from the SAML provider (eg demo.redash.io) +If you want to specify entityid in AuthnRequest, +add REDASH_SAML_ENTITY_ID config value, eg http://demo.redash.io/saml/callback + On the SAML provider side, example configuration for OneLogin is: SAML Consumer URL: http://demo.redash.io/saml/login SAML Audience: http://demo.redash.io/saml/callback diff --git a/redash/authentication/saml_auth.py b/redash/authentication/saml_auth.py index 80fa5d2f9..ab7c19b24 100644 --- a/redash/authentication/saml_auth.py +++ b/redash/authentication/saml_auth.py @@ -63,6 +63,9 @@ def get_saml_client(): }, }, } + if settings.SAML_ENTITY_ID != "": + saml_settings['entityid'] = settings.SAML_ENTITY_ID + spConfig = Saml2Config() spConfig.load(saml_settings) spConfig.allow_unknown_attributes = True diff --git a/redash/settings.py b/redash/settings.py index 316a14afb..515b19859 100644 --- a/redash/settings.py +++ b/redash/settings.py 
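Review bot: The new `if settings.SAML_ENTITY_ID != "":` branch in get_saml_client changes the identifier the IdP echoes back as the assertion's audience, and nothing in the hunk tells the next maintainer about that coupling; I would add above the `if`: `# Optional override of the SP entityID sent in the AuthnRequest. The Audience configured at the IdP must match it exactly, since pysaml2 (presumably) checks the assertion's AudienceRestriction against this value.` The value is also used verbatim from the environment with no trim or URI sanity check, so a stray trailing newline in the variable would only surface as a failed login after the IdP round trip rather than at startup; a `.strip()` at the settings layer or a startup warning here would be cheap. get_saml_client begins before this hunk and its return statement lies after it.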
@@ -88,6 +88,7 @@ GOOGLE_CLIENT_ID = os.environ.get("REDASH_GOOGLE_CLIENT_ID", "") GOOGLE_CLIENT_SECRET = os.environ.get("REDASH_GOOGLE_CLIENT_SECRET", "") GOOGLE_OAUTH_ENABLED = GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET +SAML_ENTITY_ID = os.environ.get("REDASH_SAML_ENTITY_ID", "") SAML_METADATA_URL = os.environ.get("REDASH_SAML_METADATA_URL", "") SAML_LOGIN_ENABLED = SAML_METADATA_URL != "" SAML_CALLBACK_SERVER_NAME = os.environ.get("REDASH_SAML_CALLBACK_SERVER_NAME", "")
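Review bot: `SAML_ENTITY_ID` is read raw from the environment although the value must match the IdP-side Audience byte for byte, so a trailing space or newline from a `.env` or compose file passes through unnoticed; `SAML_ENTITY_ID = os.environ.get("REDASH_SAML_ENTITY_ID", "").strip()` would also make the `!= ""` test in saml_auth.py treat a whitespace-only value as unset. A one-line comment would help as well, because `SAML_LOGIN_ENABLED` on the line below depends solely on `SAML_METADATA_URL`, so an entity ID set without a metadata URL is presumably ignored: `# SP entityID override for the AuthnRequest; has no effect unless SAML_METADATA_URL is also set.`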