WebsiteCommunityDeveloperFree Trial
Search…
Rocket.Chat Documentation
Getting Support
Development Docs
Quick Start
Deploying Rocket.Chat
Scaling Rocket.Chat
Accessing Your Workspace
Installing Client Apps
Upgrading Rocket.Chat
Environment Configuration
Guides
User Guides
Administration
Basic White-labeling
Identity Management (EE vs CE)
Admin Panel
Go Fully Featured
Info
Import
Users
Rooms (aka Channels)
Invites
Connectivity Services
View Logs
Custom sounds
Federation Dashboard
Apps
Email Inboxes
Custom Emoji
Integrations
OAuth Applications
Mailer
Custom User Status
Permissions
Settings
Accounts
Analytics
Assets
Atlassian Crowd
Blockstack
Bots
Call Center
CAS
Custom Emoji Filesystem
Custom Sound Filesystem
Discussion
E2E Encryption
Email
Enterprise
Federation
File Upload
General
IRC
IRC Federation
Layout
LDAP
Livestream & Broadcasting (Youtube)
Logs
Message
Meta
Mobile
OAuth
Omnichannel Admin's Guide
OTR
Push (Notifications Admin Guide)
Rate Limiter
Retention Policy
SAML
Rocket.Chat server settings
Simple SAML php
Active Directory Federation Services
Oracle Identity Cloud Service
Keycloak
Search
Setup Wizard
SlackBridge
Smarsh
SMS
Threads
Troubleshoot
User Data Download
Video Conference Admin Guide
Webdav Integration
WebRTC
Engagement Dashboard
Advanced Admin Settings
Omnichannel
Message Auditing Panel
Message Auditing Log
Rocket.Chat Call Center
App Guides
Mobile Guides
Roles in Rocket.Chat
Security and Compliance Guides
Brand and Visual Guidelines
Enterprise Edition Trial
Rocket.Chat SaaS
Cloud Account
Resources
Frequently Asked Questions
Contributors
How can I help?
Contributor Code of Conduct
Google Summer of Code
Google Season of Docs
Github Sponsorship
Legal
Terms of Service
Master Services Agreement for Self Managed Workspaces
Master Service Agreement for Professional Services
Privacy Policy
Privacy Policy Facebook Messenger
Code of Conduct for our services
GDPR
Censorship and Harmful Content
Guidelines for Law Enforcement
Server Lookup
DMCA Policy
Powered By GitBook
Rocket.Chat server settings

Custom Provider (Suffix to SP entityID)

This is the unique name for your application as a Service Provider (SP) for SAML. Whatever you enter here produces a metadata XML file you need in order to populate the metadata your IdP (Identity Provider) requires. For example, if you put 'my-app', then your metadata will be at:
https://my-rocketchat-domain.tld/_saml/metadata/my-app

Custom Entry Point (IDP SSO Redirect URL)

This is the URL provided by your IdP for logging in. In SAML-terminology, it refers to the location (URL) of the SingleSignOnService with the Redirect binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect).

IDP SLO Redirect URL

This is the URL provided by your IdP for logging out. In SAML-terminology, it refers to the location (URL) of the SingleLogoutService with the Redirect binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect).

Custom Issuer (SP entityID)

The URI is the unique identifier of your service. By convention, this is also the URL of your (unedited) metadata. Again, where you set Custom Provider to 'my-app', this will be:
https://my-rocketchat-domain.tld/_saml/metadata/my-app

Custom Certificate (IDP Signing Certificate)

This is the public certificate for IdP providers used to verify SAML requests. Format for this is PEM without -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

Public Cert Contents (SP Signing Certificate)

The public part of the self-signed certificate you created for encrypting your SAML transactions. Example of self-signed certificate on the SimpleSAMLphp website here.
Format for this is PEM WITH -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

Private Key Contents (SP Signing Private Key)

The private key matches the self-signed certificate you created as PKCS#1 PEM. Format for this is PEM WITH -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.

SAML Assertion

You must send the Email field in your assertion, or it doesn't work. When the email matches the existing user, it overwrites the user's username with the username value, if that is in your assertion.

SAML Encryption

SAML Assertions encryption on either site might not work and cause signature validation to fail. See #10556 for more up to date information on this issue.
As a popular open-source IdP, SimpleSAMLphp can be used to provide an authentication endpoint for Rocket.Chat and the build-in SAML support. Assuming that you have a SimpleSAMLphp IdP up and running - QuickStart instructions here, you can find the metadata for the Rocket.Chat SAML Service Provider (SP) here, where 'my-app' is whatever you put in the Custom Provider box in the Rocket.Chat SAML admin page:
https://my-rocketchat-domain.tld/_saml/metadata/my-app
  1. 1.
    Copy the XML on this page
  2. 2.
    Open the metadata converter page in your SimpleSAMLphp admin UI found at: /admin/metadata-converter.php
  3. 3.
    Paste the XML, and submit it
  4. 4.
    Copy the resulting PHP output to the file in your SimpleSAMLphp installation under metadata: /metadata/saml20-sp-remote.php
  5. 5.
    You should now see your SP on the SimpleSAMLphp Federation page, listed as a trusted SAML 2.0 SP at: module.php/core/frontpage_federation.php
Previous
SAML
Next
Simple SAML php
Last modified 1mo ago
Export as PDF
Copy link
Contents
Custom Provider (Suffix to SP entityID)
Custom Entry Point (IDP SSO Redirect URL)
IDP SLO Redirect URL
Custom Issuer (SP entityID)
Custom Certificate (IDP Signing Certificate)
Public Cert Contents (SP Signing Certificate)
Private Key Contents (SP Signing Private Key)
SAML Assertion
SAML Encryption