Modules
Public entry points for strict-by-default SAML protocol flows.
Value struct representing the resolved trust relationship for a SAML connection.
Public extension contract for resolving the SAML connection context.
Thin persisted-connection resolver adapter.
Diagnostic bundle orchestration service.
Compiles system state and metrics into an explicitly redacted, in-memory .zip archive.
Explicit redaction and transformation engine for diagnostic bundle generation. Ensures that sensitive data (PII, secrets, keys) does not leak when exporting system state for debugging.
Coordinator for bulk operations across multiple connections.
Stable typed error contract for Relyra security and protocol paths.
Optional LiveView admin surface helpers.
Mountable LiveView router for the optional Relyra admin surface.
Resolved admin scope for the optional LiveView surface.
Host callback contract for resolving admin actor and organization scope.
The successful outcome of a SAML response consumption.
Phase 21 scheduled-refresh wrapper per D-05. Does NOT re-implement
Relyra.Metadata.Refresh.refresh/2 — wraps it from outside, inserting
the asymmetric-strictness checks D-15..D-21 BEFORE any deep parse.
Pure exponential-backoff schedule for Phase 21 auto-suspend per D-25.
Pure cadence resolver for Phase 21 scheduled metadata refresh.
Drift detection for Phase 21 scheduled metadata refresh per D-18.
Pure D-27 classifier. Maps a Phase-21 error-code atom to three flags
that drive the [:relyra, :saml, :metadata, :auto_refresh, ...] state
machine and telemetry payload (D-23/D-27).
Phase 21 scheduled metadata refresh entry point per D-01.
Operator-pinned trust-anchor check for Phase 21 scheduled metadata refresh per D-17.
Optional-deps gateway for Oban (D-02, D-37 canonical pattern). Lets the
Phase 21 worker (Relyra.Workers.MetadataRefresh) and the documented
Oban Cron one-liner reference Oban modules even when Oban is not in the
adopter's deps tree.
Phoenix integration for Relyra.
Plug to skip CSRF protection for SAML ACS routes.
Exposes the saml_routes/2 macro for mounting SAML endpoints in a Phoenix router.
Represents the verified subject identity and attributes from a SAML assertion.
Provider preset registry for known SAML IdPs.
Public extension contract for atomic replay-key consumption.
Public extension contract for request-intent persistence and one-time consumption.
Batch traversal function to check for expiring SAML certificates.
Security utility for validating redirect paths to prevent Open Redirect vulnerabilities.
Hardened XML seam contract for trust-sensitive SAML handling.
Runtime security-corpus gate for the Phase 21 scheduled-refresh path per D-21.
Pure-BEAM baseline adapter for XML seam enforcement.
Public extension contract for handing off authenticated subjects to host sessions.
Telemetry catalog for Relyra SAML events.
Optional reference handler for Phase 21 scheduled metadata refresh
telemetry. Emits one redaction-aware Logger line per documented
[:relyra, :saml, :metadata, :auto_refresh, ...] event.
Test helpers for adapter and controller tests.
A small in-process SAML response builder for tests.
Public extension contract for mapping validated assertion data into user attributes.
Optional Oban worker that drives Relyra.Metadata.Scheduler.run_due/2
per D-02. Compiles whether or not Oban is in the adopter's deps tree
(Pitfall 5 — mix compile --no-optional-deps --warnings-as-errors
lane).
Mix Tasks
Generates the checked-in batteries-included proof artifact from executable repo state.
Generates the checked-in conformance report from executable manifest state.
Generates a diagnostic bundle of the current Relyra state.
Pins a SHA-256 trust fingerprint onto a connection's metadata source.
Runs any due Phase 21 scheduled metadata refreshes once.
Generates the checked-in security review evidence packet from executable security state.