fixed the SAML callback URL to unconfigurable.

config.json.example

@@ -79,7 +79,6 @@
             "idpSsoUrl": "change: authentication endpoint of IdP",
             "idpCert": "change: certificate file path of IdP in PEM format",
             "issuer": "change or delete: identity of the service provider (default: serverurl)",
-            "callbackUrl": "change or delete: callback url to consume assertions (default: serverurl+'/auth/saml/callback')",
             "identifierFormat": "change or delete: name identifier format (default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress')",
             "groupAttribute": "change or delete: attribute name for group list (ex: memberOf)",
             "requiredGroups": [ "change or delete: group names that allowed" ],

lib/config/default.js

@@ -102,7 +102,6 @@ module.exports = {
     idpSsoUrl: undefined,
     idpCert: undefined,
     issuer: undefined,
-    callbackUrl: undefined,
     identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
     groupAttribute: undefined,
     externalGroups: [],

lib/web/auth/saml/index.js

@@ -13,7 +13,7 @@ const intersection = function (array1, array2) { return array1.filter((n) => arr
 let samlAuth = module.exports = Router()
 
 passport.use(new SamlStrategy({
-  callbackUrl: config.saml.callbackUrl || config.serverurl + '/auth/saml/callback',
+  callbackUrl: config.serverurl + '/auth/saml/callback',
   entryPoint: config.saml.idpSsoUrl,
   issuer: config.saml.issuer || config.serverurl,
   cert: fs.readFileSync(config.saml.idpCert, 'utf-8'),