SAMLAuthenticatorUpdateSpec
SAML Authenticator object to be updated.
{
"administrator_url": "https://vidm.example.com/saas/api/1.0/GET/admindata",
"certificate": "-----BEGIN CERTIFICATE-----\nMIID8DCCAtigAwIBAgIFFVeQUwEwDQY...-----END CERTIFICATE-----\n",
"certificate_type": "PEM",
"description": "Dynamic Saml Authenticator",
"label": "vidm.example.com",
"metadata_url": "https://vidm.example.com/saas/api/1.0/GET/metadata/idp.xml",
"password_mode": "REMOVE",
"static_metadata": "<md:EntityDescriptor xmlns:..</md:EntityDescriptor>",
"trigger_mode": "DISABLED"
}
The administrator URL for this SAML authenticator. This must specify a protocol (scheme) of http or https.
SAML Authenticator certificate.
Type of Certificate.
- PEM: PEM encoded certificate type
- UNKNOWN: Unknown certificate type
The description of this SAML authenticator.
The label for this SAML authenticator. It must be unique among all other SAML authenticators.
The metadata URL that this SAML authenticator uses to fetch metadata. This must specify a protocol (scheme) of https. It must be unique among all other SAML authenticators. This is required if authenticator_type is set to DYNAMIC.
Indicates how password present in SAML assertion is handled if True SSO is triggered. This is required if the trigger_mode is set to ENABLE_ALWAYS or REQUIRE_ALWAYS.
- REMOVE: Remove any passwords.
- PASSTHRU: Pass through any passwords.
- ERROR: Error if there is a password.
The static metadata of a SAML authenticator which contains an entity id, signing keys, and encryption keys for processing SAML authentication. This property is required if authenticator_type is set to STATIC.
Indicates how True SSO is triggered on sessions using this authenticator.
- DISABLED: Do not use True SSO.
- ENABLE_IF_NO_PASSWORD: If no password is supplied, use a valid (domain matching) connector if it exists.
- REQUIRE_IF_NO_PASSWORD: If no password is supplied, use and require a valid (domain matching) connector.
- ENABLE_ALWAYS: Regardless of a password, use a valid (domain matching) connector if it exists.
- REQUIRE_ALWAYS: Regardless of a password, use and require a valid (domain matching) connector.