Is it expected to have to set trustedOrigins to utilise SAML providers?
We are observing intermittent origin validation failures in our testing when using SAML. Obviously, this is fixed by including our SAML provider within our list of trusted origins. However, since this isn't outlined in the SSO plugin documentation, nor the Okta quickstart, we're wondering if we're just doing something wrong.
4 Replies
Additionally noting, the Okta quickstart does not outline that Okta removes the origin header on non-https returns:
https://support.okta.com/help/s/article/origin-header-is-missing-for-outgoing-saml-requests-causing-cors-errors?language=en_US
Are you being required to set the provider URL as a trusted origin?
Yes
    "better-auth": "^1.3.28",
    "@better-auth/sso": "^1.3.28",
2025-10-21T15:13:37.359Z ERROR [Better Auth]: Invalid origin: https://ourokta
2025-10-21T15:13:37.359Z INFO [Better Auth]: If it's a valid URL, please add https://ourokta to trustedOrigins in your auth config
I’ll take a look. With SSO, it shouldn’t be required.