This is the configuration required for an identity provider (IdP) for single sign-on.
SamlIdPConfiguration
| Field | Type | Inherited from | Description |
|---|---|---|---|
| CertificatesBase64Encoded | String[] | SamlIdPConfiguration | Gets or sets the identity provider certificates in base64-encoded format |
| DefaultUserGroupIds | String[] | SamlIdPConfiguration | Gets or sets the default user group IDs assigned to users from this identity provider |
| Description | String | SamlIdPConfiguration | Gets or sets the description of the identity provider configuration |
| GroupAttributeNames | String[] | SamlIdPConfiguration | Custom attribute names that represent group membership for the user. The array values are attribute names. The attribute values are used as the keys in GroupMappings. For instance, the attributes may come in as `{ 'For Admins': ['Operations Admin'], 'For Managers': ['Manager'] }`. Review the GroupMappings example to see how the attribute values map to Feenics Groups. Note: To exempt a user from being assigned the configured GroupMappings groups, pass an attribute with the name ExemptFromGrouping and any non-empty value. |
| GroupMappings | Dictionary<String> | SamlIdPConfiguration | Maps the custom group string (key) to the groups to be assigned to the user (value). |
| PartnerName | String | SamlIdPConfiguration | Gets or sets the identity provider partner name |
| PersonLookupFilterQuery | String | SamlIdPConfiguration | An extensible way to link an existing person to a new user when that user is created during an SSO request, instead of creating a new person for each new user. It is a Dynamic LINQ filter expression on the Person object. It must match a field on the person to the user ID of the SSO request. The user ID must be substituted with @0 in the filter query. |
| SignAuthnRequest | Boolean | SamlIdPConfiguration | Gets or sets whether authentication requests should be signed |
| SingleLogoutServiceUrl | String | SamlIdPConfiguration | Gets or sets the single logout service URL of the identity provider |
| SingleSignOnServiceUrl | String | SamlIdPConfiguration | Gets or sets the single sign-on service URL of the identity provider |
```json
{
  "CertificatesBase64Encoded" : "String[]",
  "DefaultUserGroupIds" : "String[]",
  "Description" : "String",
  "GroupAttributeNames" : "String[]",
  "GroupMappings" : "Dictionary<String>",
  "PartnerName" : "String",
  "PersonLookupFilterQuery" : "String",
  "SignAuthnRequest" : "Boolean",
  "SingleLogoutServiceUrl" : "String",
  "SingleSignOnServiceUrl" : "String"
}
```
Example in C#
```csharp
// Returns: nothing
await client.DeleteIdPConfigurationAsync();
```
Example in CURL
```bash
curl -X DELETE \
  https://api.us.acresecurity.cloud/saml/admin/idpconfiguration \
  -H 'Authorization: Bearer TOKEN_GOES_HERE' \
  -H 'Content-Type: application/json'
```
Example in C#
```csharp
// Returns: SamlIdPConfiguration
var samlIdPConfiguration = await client.GetIdPConfigurationAsync();
```
Example in CURL
```bash
curl -X GET \
  https://api.us.acresecurity.cloud/saml/admin/idpconfiguration \
  -H 'Authorization: Bearer TOKEN_GOES_HERE' \
  -H 'Content-Type: application/json'
```
Example in C#
```csharp
// Returns: nothing
// configuration is a populated SamlIdPConfiguration instance
await client.SetSamlIdentityProviderConfiguration(configuration);
```
Example in CURL
```bash
curl -X POST \
  https://api.us.acresecurity.cloud/saml/admin/idpconfiguration \
  -H 'Authorization: Bearer TOKEN_GOES_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "$type":"Feenics.Keep.WebApi.Model.SamlIdPConfiguration, Feenics.Keep.WebApi.Model",
    "PartnerName":null,
    "Description":null,
    "SignAuthnRequest":false,
    "SingleSignOnServiceUrl":null,
    "SingleLogoutServiceUrl":null,
    "CertificatesBase64Encoded":null,
    "DefaultUserGroupIds":null,
    "GroupAttributeNames":null,
    "GroupMappings":null
  }'
```
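A pre-flight check for a SamlIdPConfiguration body before it is POSTed, added here as an example and not taken from the Feenics or acre security code base. It assumes the certificates are DER-encoded X.509; `lint_idp_config`, the sample host name, the `CommonName` filter field and the group ID placeholder are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import urlparse

def lint_idp_config(cfg):
    """Return a list of findings for a SamlIdPConfiguration dict; empty means clean."""
    findings = []
    # Without an IdP certificate there is nothing to check assertion signatures against.
    certs = cfg.get("CertificatesBase64Encoded") or []
    if not certs:
        findings.append("CertificatesBase64Encoded: no certificate configured")
    for i, cert in enumerate(certs):
        try:
            der = base64.b64decode(cert, validate=True)  # rejects PEM armor, whitespace
        except (binascii.Error, ValueError, TypeError):
            findings.append(f"CertificatesBase64Encoded[{i}]: not strict base64")
            continue
        # Assumption: entries are DER X.509, which always begins with SEQUENCE (0x30).
        if not der.startswith(b"\x30"):
            findings.append(f"CertificatesBase64Encoded[{i}]: not DER")
    for field in ("SingleSignOnServiceUrl", "SingleLogoutServiceUrl"):
        url = cfg.get(field)
        if field == "SingleSignOnServiceUrl" and not url:
            findings.append(f"{field}: missing")
        elif url:
            parsed = urlparse(url)
            if parsed.scheme != "https" or not parsed.hostname:
                findings.append(f"{field}: must be an absolute https URL")
    # The filter must bind the SSO user ID through @0, not a literal value.
    query = cfg.get("PersonLookupFilterQuery")
    if query and "@0" not in query:
        findings.append("PersonLookupFilterQuery: missing @0 placeholder")
    # Attribute values are looked up as keys in GroupMappings, so it must not be empty.
    if cfg.get("GroupAttributeNames") and not cfg.get("GroupMappings"):
        findings.append("GroupMappings: empty although GroupAttributeNames is set")
    return findings

# Constructed samples: FAKE_DER is a DER-shaped placeholder, not a real certificate.
FAKE_DER = base64.b64encode(b"\x30\x82\x01\x0a" + bytes(8)).decode()
GOOD = {
    "CertificatesBase64Encoded": [FAKE_DER],
    "SingleSignOnServiceUrl": "https://idp.example.test/sso",
    "PersonLookupFilterQuery": "CommonName == @0",  # hypothetical Person field
    "GroupAttributeNames": ["For Admins"],
    "GroupMappings": {"Operations Admin": "GROUP_ID_PLACEHOLDER"},
}
# Mirrors the all-null body from the POST example above.
NULL_BODY = {"CertificatesBase64Encoded": None, "SingleSignOnServiceUrl": None}
```

Run it over the body in CI or in the provisioning script and refuse to send the POST while the returned list is non-empty.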