SAMLAuthenticatorCreateSpec


SAML Authenticator specification

JSON Example
{
    "administrator_url": "https://vidm.example.com/saas/api/1.0/GET/admindata",
    "authenticator_type": "DYNAMIC",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIID8DCCAtigAwIBAgIFFVeQUwEwDQY...-----END CERTIFICATE-----\n",
    "certificate_type": "PEM",
    "connection_server_ids": [
        "11bd230b-87ce-3306-a943-810affe7b68a",
        "aa36240c-a7f4-3a00-9e3d-e71e2df1cc1b"
    ],
    "description": "Dynamic Saml Authenticator",
    "label": "vidm.example.com",
    "metadata_url": "https://vidm.example.com/saas/api/1.0/GET/metadata/idp.xml",
    "password_mode": "REMOVE",
    "static_metadata": "<md:EntityDescriptor xmlns:..</md:EntityDescriptor>",
    "trigger_mode": "DISABLED"
}
string
administrator_url
Optional

The administrator URL for this SAML authenticator. This must specify a protocol (scheme) of http or https.

string
authenticator_type
Required

The type of SAML authenticator.

  • STATIC: Static SAML Authenticator, which contains SAML metadata.
  • DYNAMIC: Dynamic SAML Authenticator, which fetches metadata dynamically using a provided URL.
Possible values are: STATIC, DYNAMIC.
string
certificate
Optional

SAML Authenticator certificate.

string
certificate_type
Optional

Type of Certificate.

  • PEM: PEM encoded certificate type
  • UNKNOWN: Unknown certificate type
Possible values are: PEM, UNKNOWN.
array of string
connection_server_ids
Optional

The list of Connection Servers for which this SAML authenticator is enabled.

string
description
Optional

The description of this SAML authenticator.

string
label
Required

The label for this SAML authenticator. It must be unique among all other SAML authenticators.

string
metadata_url
Optional

The metadata URL that this SAML authenticator uses to fetch metadata. This must specify a protocol (scheme) of https. It must be unique among all other SAML authenticators. This is required if authenticator_type is set to DYNAMIC.

string
password_mode
Optional

Indicates how a password present in the SAML assertion is handled when True SSO is triggered. This is required if the trigger_mode is set to ENABLE_ALWAYS or REQUIRE_ALWAYS.

  • REMOVE: Remove any passwords.
  • PASSTHRU: Pass through any passwords.
  • ERROR: Error if there is a password.
Possible values are: REMOVE, PASSTHRU, ERROR.
string
static_metadata
Optional

The static metadata of a SAML authenticator which contains an entity id, signing keys, and encryption keys for processing SAML authentication. This property is required if authenticator_type is set to STATIC.

string
trigger_mode
Optional

Indicates how True SSO is triggered on sessions using this authenticator.

  • DISABLED: Do not use True SSO.
  • ENABLE_IF_NO_PASSWORD: If no password is supplied, use a valid (domain matching) connector if it exists.
  • REQUIRE_IF_NO_PASSWORD: If no password is supplied, use and require a valid (domain matching) connector.
  • ENABLE_ALWAYS: Regardless of a password, use a valid (domain matching) connector if it exists.
  • REQUIRE_ALWAYS: Regardless of a password, use and require a valid (domain matching) connector.
Possible values are: DISABLED, ENABLE_IF_NO_PASSWORD, REQUIRE_IF_NO_PASSWORD, ENABLE_ALWAYS, REQUIRE_ALWAYS.
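
The field descriptions above carry several conditional rules (URL scheme restrictions, and fields that become required for DYNAMIC, STATIC, or the ENABLE_ALWAYS / REQUIRE_ALWAYS trigger modes) that can be checked before a request is sent. The following is an added example, not part of the original reference or the product's own code; validate_spec and the sample payloads are hypothetical, and the uniqueness rules for label and metadata_url are not checked because they depend on server state.

```python
# Added example: client-side pre-flight check of a SAMLAuthenticatorCreateSpec.
# validate_spec is a hypothetical helper; the payloads below are constructed.
from urllib.parse import urlparse

ENUMS = {
    "authenticator_type": {"STATIC", "DYNAMIC"},
    "certificate_type": {"PEM", "UNKNOWN"},
    "password_mode": {"REMOVE", "PASSTHRU", "ERROR"},
    "trigger_mode": {"DISABLED", "ENABLE_IF_NO_PASSWORD", "REQUIRE_IF_NO_PASSWORD",
                     "ENABLE_ALWAYS", "REQUIRE_ALWAYS"},
}
# administrator_url may be http or https; metadata_url must be https.
URL_SCHEMES = {"administrator_url": {"http", "https"}, "metadata_url": {"https"}}

def validate_spec(spec):
    """Return a list of rule violations; an empty list means the spec passes."""
    errors = []
    for field in ("authenticator_type", "label"):
        if not spec.get(field):
            errors.append(f"{field} is required")
    for field, allowed in ENUMS.items():
        if field in spec and spec[field] not in allowed:
            errors.append(f"{field} must be one of {sorted(allowed)}")
    for field, schemes in URL_SCHEMES.items():
        if field in spec and urlparse(str(spec[field])).scheme not in schemes:
            errors.append(f"{field} must use scheme {sorted(schemes)}")
    auth_type = spec.get("authenticator_type")
    if auth_type == "DYNAMIC" and not spec.get("metadata_url"):
        errors.append("metadata_url is required when authenticator_type is DYNAMIC")
    if auth_type == "STATIC" and not spec.get("static_metadata"):
        errors.append("static_metadata is required when authenticator_type is STATIC")
    if (spec.get("trigger_mode") in {"ENABLE_ALWAYS", "REQUIRE_ALWAYS"}
            and not spec.get("password_mode")):
        errors.append("password_mode is required when trigger_mode is "
                      "ENABLE_ALWAYS or REQUIRE_ALWAYS")
    return errors

# Constructed sample payloads (host name reused from the JSON example above).
GOOD = {"authenticator_type": "DYNAMIC", "label": "vidm.example.com",
        "metadata_url": "https://vidm.example.com/saas/api/1.0/GET/metadata/idp.xml",
        "trigger_mode": "ENABLE_ALWAYS", "password_mode": "REMOVE"}
BAD = {"authenticator_type": "DYNAMIC", "label": "vidm.example.com",
       "metadata_url": "http://vidm.example.com/saas/api/1.0/GET/metadata/idp.xml",
       "trigger_mode": "ENABLE_ALWAYS"}  # plain-http metadata, no password_mode

if __name__ == "__main__":
    for name, spec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_spec(spec) or "ok")
```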