Create SAML Authenticator
All the listed privileges are required:

| Privilege | Description |
|---|---|
| GLOBAL_CONFIG_MANAGEMENT | The caller must hold this privilege to perform this operation. |
{
  "administrator_url": "https://vidm.example.com/saas/api/1.0/GET/admindata",
  "authenticator_type": "DYNAMIC",
  "certificate": "-----BEGIN CERTIFICATE-----\nMIID8DCCAtigAwIBAgIFFVeQUwEwDQY...-----END CERTIFICATE-----\n",
  "certificate_type": "PEM",
  "connection_server_ids": [
    "11bd230b-87ce-3306-a943-810affe7b68a",
    "aa36240c-a7f4-3a00-9e3d-e71e2df1cc1b"
  ],
  "description": "Dynamic Saml Authenticator",
  "label": "vidm.example.com",
  "metadata_url": "https://vidm.example.com/saas/api/1.0/GET/metadata/idp.xml",
  "password_mode": "REMOVE",
  "static_metadata": "<md:EntityDescriptor xmlns:..</md:EntityDescriptor>",
  "trigger_mode": "DISABLED"
}
administrator_url: The administrator URL for this SAML authenticator. This must specify a protocol (scheme) of http or https.
authenticator_type: The type of SAML authenticator.
- STATIC: Static SAML Authenticator, which contains SAML metadata.
- DYNAMIC: Dynamic SAML Authenticator, which fetches metadata dynamically using a provided URL.
certificate: SAML Authenticator certificate.
certificate_type: Type of certificate.
- PEM: PEM encoded certificate type
- UNKNOWN: Unknown certificate type
connection_server_ids: The list of Connection Servers for which this SAML authenticator is enabled.
description: The description of this SAML authenticator.
label: The label for this SAML authenticator. It must be unique among all other SAML authenticators.
metadata_url: The metadata URL that this SAML authenticator uses to fetch metadata. This must specify a protocol (scheme) of https. It must be unique among all other SAML authenticators. This is required if authenticator_type is set to DYNAMIC.
password_mode: Indicates how a password present in the SAML assertion is handled if True SSO is triggered. This is required if the trigger_mode is set to ENABLE_ALWAYS or REQUIRE_ALWAYS.
- REMOVE: Remove any passwords.
- PASSTHRU: Pass through any passwords.
- ERROR: Error if there is a password.
static_metadata: The static metadata of a SAML authenticator, which contains an entity id, signing keys, and encryption keys for processing SAML authentication. This property is required if authenticator_type is set to STATIC.
trigger_mode: Indicates how True SSO is triggered on sessions using this authenticator.
- DISABLED: Do not use True SSO.
- ENABLE_IF_NO_PASSWORD: If no password is supplied, use a valid (domain matching) connector if it exists.
- REQUIRE_IF_NO_PASSWORD: If no password is supplied, use and require a valid (domain matching) connector.
- ENABLE_ALWAYS: Regardless of a password, use a valid (domain matching) connector if it exists.
- REQUIRE_ALWAYS: Regardless of a password, use and require a valid (domain matching) connector.
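The conditional rules in the field descriptions above can be checked locally before a request body is sent. This is an added example, not part of the original API reference: the function name `validate_saml_authenticator_spec` and the sample bodies are hypothetical, and it checks only rules stated on this page (uniqueness of label and metadata_url can only be decided by the server).

```python
from urllib.parse import urlsplit

PASSWORD_MODES = {"REMOVE", "PASSTHRU", "ERROR"}
TRIGGER_MODES = {"DISABLED", "ENABLE_IF_NO_PASSWORD", "REQUIRE_IF_NO_PASSWORD",
                 "ENABLE_ALWAYS", "REQUIRE_ALWAYS"}

def _scheme(url):
    """Lowercase scheme of an absolute URL, or '' when scheme or host is missing."""
    if not isinstance(url, str):
        return ""
    parts = urlsplit(url)
    return parts.scheme.lower() if parts.netloc else ""

def validate_saml_authenticator_spec(spec):
    """Hypothetical pre-flight check; returns rule violations (empty list if none)."""
    errors = []
    auth_type = spec.get("authenticator_type")
    trigger = spec.get("trigger_mode")
    if auth_type is not None and auth_type not in ("STATIC", "DYNAMIC"):
        errors.append("authenticator_type must be STATIC or DYNAMIC")
    if "administrator_url" in spec and _scheme(spec["administrator_url"]) not in ("http", "https"):
        errors.append("administrator_url must use http or https")
    if auth_type == "DYNAMIC" and not spec.get("metadata_url"):
        errors.append("metadata_url is required when authenticator_type is DYNAMIC")
    if spec.get("metadata_url") and _scheme(spec["metadata_url"]) != "https":
        errors.append("metadata_url must use https")
    if auth_type == "STATIC" and not spec.get("static_metadata"):
        errors.append("static_metadata is required when authenticator_type is STATIC")
    if trigger is not None and trigger not in TRIGGER_MODES:
        errors.append("trigger_mode is not a documented value")
    if trigger in ("ENABLE_ALWAYS", "REQUIRE_ALWAYS") and "password_mode" not in spec:
        errors.append("password_mode is required when trigger_mode is ENABLE_ALWAYS or REQUIRE_ALWAYS")
    if "password_mode" in spec and spec["password_mode"] not in PASSWORD_MODES:
        errors.append("password_mode must be REMOVE, PASSTHRU or ERROR")
    return errors

# Constructed sample bodies for illustration only.
SAMPLE_OK = {"authenticator_type": "DYNAMIC", "label": "vidm.example.com",
             "administrator_url": "https://vidm.example.com/saas/api/1.0/GET/admindata",
             "metadata_url": "https://vidm.example.com/saas/api/1.0/GET/metadata/idp.xml",
             "password_mode": "REMOVE", "trigger_mode": "DISABLED"}
SAMPLE_BAD = {"authenticator_type": "DYNAMIC", "label": "idp.example.com",
              "metadata_url": "http://idp.example.com/metadata.xml",  # plain http
              "trigger_mode": "REQUIRE_ALWAYS"}                       # no password_mode

if __name__ == "__main__":
    for name, body in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(name, validate_saml_authenticator_spec(body) or "no violations")
```
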
Created
Bad Request
User is not authenticated
Access to the resource is forbidden
Not Found
Conflict