All Docs
FeaturesCSI Teachable Replacement AppUpdated March 13, 2026

Bug Fix: SSO Config Form Now Shows Correct ACS and Entity ID URLs

Bug Fix: SSO Config Form Now Shows Correct ACS and Entity ID URLs

Release: v1.0.23

Overview

A bug in the SSO configuration settings panel caused it to display incorrect, static placeholder URLs for the SAML ACS URL and Entity ID. This meant that any Identity Provider (IdP) administrator who followed the in-app instructions to configure SAML SSO would have entered wrong endpoint values, resulting in broken SSO logins for their organisation's users.

This post explains what was wrong, what was fixed, and what action — if any — you need to take.

The Problem

When an administrator navigated to Settings → SSO and set up a SAML integration, the form displayed two key values they were expected to copy into their IdP:

  • ACS URL (Assertion Consumer Service URL): /api/auth/callback/saml
  • Entity ID / Metadata URL: /api/auth/saml/metadata

These are generic placeholders and do not correspond to real, working endpoints. The actual SAML endpoints on this platform are scoped per organisation and follow this pattern:

  • ACS URL: https://<your-domain>/api/auth/sso/<orgSlug>/saml/callback
  • Entity ID / Metadata URL: https://<your-domain>/api/auth/sso/<orgSlug>/saml/metadata

The correct org-scoped endpoints existed all along in the backend — the only thing broken was the values the admin UI was telling admins to use.

The Fix

The SSO configuration form (src/app/dashboard/settings/sso-config-form.tsx) has been updated to:

  1. Read the organisation slug from the current session context (via useOrg()).
  2. Construct fully-qualified, org-scoped URLs at runtime using window.location.origin and the org slug:
    • ACS URL: ${window.location.origin}/api/auth/sso/${orgSlug}/saml/callback
    • Entity ID: ${window.location.origin}/api/auth/sso/${orgSlug}/saml/metadata
  3. Display these correct URLs in the form so administrators can copy and paste them directly into their IdP.

No backend or routing changes were required. The endpoints themselves were already correct.

Action Required

If you have not yet configured a SAML IdP

No action needed. Open Settings → SSO, and the correct URLs will be shown.

If you previously configured a SAML IdP using the old values

Your IdP configuration contains the incorrect placeholder URLs. SAML SSO will not work until you update them.

Steps to fix:

  1. Log in to your dashboard and navigate to Settings → SSO.
  2. Copy the updated ACS URL and Entity ID values now displayed in the form.
  3. Log in to your IdP administration console (e.g. Okta, Azure AD, Google Workspace, OneLogin).
  4. Locate the SAML application or integration you created for this platform.
  5. Replace the old ACS URL and Entity ID / Audience URI with the new values.
  6. Save the changes in your IdP.
  7. Test a SAML login to confirm SSO is working correctly.

Reference: Correct URL Format

FieldFormat
ACS URLhttps://<your-domain>/api/auth/sso/<orgSlug>/saml/callback
Entity IDhttps://<your-domain>/api/auth/sso/<orgSlug>/saml/metadata
Metadata URLhttps://<your-domain>/api/auth/sso/<orgSlug>/saml/metadata

Replace <your-domain> with your platform domain and <orgSlug> with your organisation's slug (visible in the SSO settings form).

Questions?

If you encounter any issues after updating your IdP configuration, contact support with your organisation slug and the name of your IdP so the team can assist.