fix(core): should not apply custom domain to SAML app SP entity ID (#7055)

packages/core/src/routes/saml-application/anonymous.ts

@@ -285,7 +285,7 @@ export default function samlApplicationAnonymousRoutes<T extends AnonymousRouter
         log.append({ extractResultData: extractResult.data });
 
         assertThat(
-          extractResult.data.issuer === samlApplication.config.entityId,
+          extractResult.data.issuer === samlApplication.config.spEntityId,
           'application.saml.auth_request_issuer_not_match'
         );
 
@@ -385,7 +385,7 @@ export default function samlApplicationAnonymousRoutes<T extends AnonymousRouter
         log.append({ extractResultData: extractResult.data });
 
         assertThat(
-          extractResult.data.issuer === samlApplication.config.entityId,
+          extractResult.data.issuer === samlApplication.config.spEntityId,
           'application.saml.auth_request_issuer_not_match'
         );
 

packages/core/src/saml-application/SamlApplication/index.ts

@@ -91,9 +91,9 @@ class SamlApplicationConfig {
     return this._details.secret;
   }
 
-  public get entityId() {
+  public get spEntityId() {
     assertThat(this._details.entityId, 'application.saml.entity_id_required');
-    return this.normalizeUrlHost(this._details.entityId);
+    return this._details.entityId;
   }
 
   public get acsUrl() {
@@ -519,7 +519,7 @@ export class SamlApplication {
 
   private buildSpConfig(): SamlServiceProviderConfig {
     return {
-      entityId: this.config.entityId,
+      entityId: this.config.spEntityId,
       acsUrl: this.config.acsUrl,
       certificate: this.config.encryption?.certificate,
     };