SAML application scripting

You can use the SAML application template (described in Custom SAML applications) to add a SAML-enabled web application to the app catalog. This template creates a SAML application profile for a web application that defines how the Privileged Access Service presents an authenticated user to the web application via a SAML assertion.

Each SAML application profile requires a custom SAML script. The script defines how the Privileged Access Service creates and presents a SAML assertion for each user’s session with the web application. Each application profile may also provide an optional user map script that determines the user’s application log-on name for use in the SAML assertion. Both scripts are written in JavaScript.

This guide provides these sections:

  • SAML authentication overview is an overview of the SAML authentication process for a user session with a web application. It shows how the Privileged Access Service works with a set of JavaScript objects during the process.
  • Writing a user map script describes how to write an optional user map script to specify an application user log-on name for a user session.
  • Writing a custom SAML script describes how to write the required custom SAML script to define a SAML assertion for a user session.
  • Scripting environment reference is a reference section for the objects, methods, and variables in the user map and SAML scripting environment.

To write a SAML script, you need to know how to write code in JavaScript. You also need to know the basics of SAML authentication to understand how to specify a SAML assertion. This guide provides some guidance about SAML configuration values, but for specifics you can consult the SAML specifications provided at For an introduction to SAML, try the overviews provided at