Author: Calvin C. Chan at https://calvincchan.com
Run a simple local instance of Supabase and test SAML Sign Sign-on with a minimal React app.
-
copy
example.envto.env. The.envfile aleady contains a working SAML private key. If you want to change it, you can use the./scripts/genkey.shto generate a new key that is already base64 encoded and copy it toGOTRUE_SAML_PRIVATE_KEYof the.envfile. -
docker compose up -d -
Add the SAML Identity Provider metadata to the Supabase instance.
API_KEY=(your supabase service role key);
curl -X POST http://localhost:8000/auth/v1/admin/sso/providers \
-H 'APIKey: '"$API_KEY"'' \
-H 'Authorization: Bearer '"$API_KEY"'' \
-H 'Content-Type: application/json' \
-d '{
"type": "saml",
"metadata_url": "(paste the SAML Metadata URL here)",
"domains": ["auth0.com"]
"attribute_mapping": {
"keys": {
"email": { "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" },
"given_name": { "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" },
"name": { "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" },
"family_name": { "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" },
"name_id": { "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" }
}
}
}';for more options please see my blog posts:
- https://calvincchan.com/blog/self-hosted-supabase-enable-sso
- https://calvincchan.com/blog/240228_self_hosted_supabase_with_saml_attribute_mapping
-
cd
client -
yarn install -
yarn dev
Note: if you changed the JWT_SECRET, ANON_KEY or SERVICE_ROLE_KEY, please also update the value of SUPABASE_KEY in src/supabase-client.ts.