# relyra v1.1.0 - Table of Contents > Strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. ## Pages - [Relyra](readme.md) - [Batteries Included Proof](batteries_included-1.md) - [Changelog](changelog.md) - [Conformance](conformance.md) - [Security Policy](security.md) - [Security Review Packet](security_review.md) - [Security Review Evidence](security_review_evidence.md) - [Security Boundary Map](security_boundary.md) - [Security Findings Ledger](security_findings.md) - [Batteries Included](batteries_included-2.md) - [Getting Started](getting_started.md) - [Operator-Managed Rollout](operator_managed_rollout.md) - [Phoenix SaaS Tenant Onboarding](phoenix_saas_tenant_onboarding.md) - [Okta + Relyra](okta.md) - [Microsoft Entra ID + Relyra](entra.md) - [Google Workspace + Relyra](google_workspace.md) ## Modules - [Relyra](Relyra.md): Public entry points for strict-by-default SAML protocol flows. - [Relyra.Connection](Relyra.Connection.md): Value struct representing the resolved trust relationship for a SAML connection. - [Relyra.ConnectionResolver](Relyra.ConnectionResolver.md): Public extension contract for resolving the SAML connection context. - [Relyra.ConnectionResolver.Ecto](Relyra.ConnectionResolver.Ecto.md): Thin persisted-connection resolver adapter. - [Relyra.Diagnostic](Relyra.Diagnostic.md): Diagnostic bundle orchestration service. Compiles system state and metrics into an explicitly redacted, in-memory `.zip` archive. - [Relyra.Diagnostic.AllowList](Relyra.Diagnostic.AllowList.md): Explicit redaction and transformation engine for diagnostic bundle generation. Ensures that sensitive data (PII, secrets, keys) does not leak when exporting system state for debugging. - [Relyra.Ecto.BulkActions](Relyra.Ecto.BulkActions.md): Coordinator for bulk operations across multiple connections. - [Relyra.Error](Relyra.Error.md): Stable typed error contract for Relyra security and protocol paths. - [Relyra.LiveAdmin](Relyra.LiveAdmin.md): Optional LiveView admin surface helpers. - [Relyra.LiveAdmin.AttributeMappingForm](Relyra.LiveAdmin.AttributeMappingForm.md) - [Relyra.LiveAdmin.AttributeMappingsForm](Relyra.LiveAdmin.AttributeMappingsForm.md) - [Relyra.LiveAdmin.GroupMappingForm](Relyra.LiveAdmin.GroupMappingForm.md) - [Relyra.LiveAdmin.GroupMappingsForm](Relyra.LiveAdmin.GroupMappingsForm.md) - [Relyra.LiveAdmin.Router](Relyra.LiveAdmin.Router.md): Mountable LiveView router for the optional Relyra admin surface. - [Relyra.LiveAdmin.Scope](Relyra.LiveAdmin.Scope.md): Resolved admin scope for the optional LiveView surface. - [Relyra.LiveAdmin.ScopeProvider](Relyra.LiveAdmin.ScopeProvider.md): Host callback contract for resolving admin actor and organization scope. - [Relyra.LoginResult](Relyra.LoginResult.md): The successful outcome of a SAML response consumption. - [Relyra.Metadata.AutoRefresh](Relyra.Metadata.AutoRefresh.md): Phase 21 scheduled-refresh wrapper per D-05. Does NOT re-implement `Relyra.Metadata.Refresh.refresh/2` — wraps it from outside, inserting the asymmetric-strictness checks D-15..D-21 BEFORE any deep parse. - [Relyra.Metadata.Backoff](Relyra.Metadata.Backoff.md): Pure exponential-backoff schedule for Phase 21 auto-suspend per D-25. - [Relyra.Metadata.Cadence](Relyra.Metadata.Cadence.md): Pure cadence resolver for Phase 21 scheduled metadata refresh. - [Relyra.Metadata.DriftDetector](Relyra.Metadata.DriftDetector.md): Drift detection for Phase 21 scheduled metadata refresh per D-18. - [Relyra.Metadata.FailureClassifier](Relyra.Metadata.FailureClassifier.md): Pure D-27 classifier. Maps a Phase-21 error-code atom to three flags that drive the `[:relyra, :saml, :metadata, :auto_refresh, ...]` state machine and telemetry payload (D-23/D-27). - [Relyra.Metadata.Scheduler](Relyra.Metadata.Scheduler.md): Phase 21 scheduled metadata refresh entry point per D-01. - [Relyra.Metadata.TrustAnchor](Relyra.Metadata.TrustAnchor.md): Operator-pinned trust-anchor check for Phase 21 scheduled metadata refresh per D-17. - [Relyra.OptionalDeps.Oban](Relyra.OptionalDeps.Oban.md): Optional-deps gateway for Oban (D-02, D-37 canonical pattern). Lets the Phase 21 worker (`Relyra.Workers.MetadataRefresh`) and the documented Oban Cron one-liner reference Oban modules even when Oban is not in the adopter's deps tree. - [Relyra.Phoenix](Relyra.Phoenix.md): Phoenix integration for Relyra. - [Relyra.Phoenix.Pipeline.SkipCSRF](Relyra.Phoenix.Pipeline.SkipCSRF.md): Plug to skip CSRF protection for SAML ACS routes. - [Relyra.Phoenix.Router](Relyra.Phoenix.Router.md): Exposes the `saml_routes/2` macro for mounting SAML endpoints in a Phoenix router. - [Relyra.Principal](Relyra.Principal.md): Represents the verified subject identity and attributes from a SAML assertion. - [Relyra.Provider](Relyra.Provider.md): Provider preset registry for known SAML IdPs. - [Relyra.ReplayStore](Relyra.ReplayStore.md): Public extension contract for atomic replay-key consumption. - [Relyra.RequestStore](Relyra.RequestStore.md): Public extension contract for request-intent persistence and one-time consumption. - [Relyra.Security.CertificateExpiry](Relyra.Security.CertificateExpiry.md): Batch traversal function to check for expiring SAML certificates. - [Relyra.Security.Redirect](Relyra.Security.Redirect.md): Security utility for validating redirect paths to prevent Open Redirect vulnerabilities. - [Relyra.Security.XML](Relyra.Security.XML.md): Hardened XML seam contract for trust-sensitive SAML handling. - [Relyra.Security.XML.CorpusGate](Relyra.Security.XML.CorpusGate.md): Runtime security-corpus gate for the Phase 21 scheduled-refresh path per D-21. - [Relyra.Security.XML.PureBeam](Relyra.Security.XML.PureBeam.md): Pure-BEAM baseline adapter for XML seam enforcement. - [Relyra.SessionAdapter](Relyra.SessionAdapter.md): Public extension contract for handing off authenticated subjects to host sessions. - [Relyra.Telemetry](Relyra.Telemetry.md): Telemetry catalog for Relyra SAML events. - [Relyra.Telemetry.Handlers.LogAlerts](Relyra.Telemetry.Handlers.LogAlerts.md): Optional reference handler for Phase 21 scheduled metadata refresh telemetry. Emits one redaction-aware Logger line per documented `[:relyra, :saml, :metadata, :auto_refresh, ...]` event. - [Relyra.TestSupport](Relyra.TestSupport.md): Test helpers for adapter and controller tests. - [Relyra.TestSupport.FakeIdP](Relyra.TestSupport.FakeIdP.md): A small in-process SAML response builder for tests. - [Relyra.UserMapper](Relyra.UserMapper.md): Public extension contract for mapping validated assertion data into user attributes. - [Relyra.Workers.MetadataRefresh](Relyra.Workers.MetadataRefresh.md): Optional Oban worker that drives `Relyra.Metadata.Scheduler.run_due/2` per D-02. Compiles whether or not Oban is in the adopter's deps tree (Pitfall 5 — `mix compile --no-optional-deps --warnings-as-errors` lane). ## Mix Tasks - [mix relyra.batteries_included](Mix.Tasks.Relyra.BatteriesIncluded.md): Generates the checked-in batteries-included proof artifact from executable repo state. - [mix relyra.conformance](Mix.Tasks.Relyra.Conformance.md): Generates the checked-in conformance report from executable manifest state. - [mix relyra.diagnostic](Mix.Tasks.Relyra.Diagnostic.md): Generates a diagnostic bundle of the current Relyra state. - [mix relyra.metadata.pin](Mix.Tasks.Relyra.Metadata.Pin.md): Pins a SHA-256 trust fingerprint onto a connection's metadata source. - [mix relyra.refresh_due](Mix.Tasks.Relyra.RefreshDue.md): Runs any due Phase 21 scheduled metadata refreshes once. - [mix relyra.security_review](Mix.Tasks.Relyra.SecurityReview.md): Generates the checked-in security review evidence packet from executable security state.