SamlProfileTO


Represents an Identity Provider SAML profile

JSON Example
{
    "saml_metadata": "See https://en.wikipedia.org/wiki/SAML_metadata#Identity_provider_metadata for an example of an IDP SAML metadata",
    "saml_metadata_url": "https://example.com/path/to/my/saml/metadata.xml",
    "saml_name_id_user_attribute_mapping": {
        "param1": "param1_value"
    },
    "saml_identity_user_attribute_mapping": {
        "saml_attribute_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
        "saml_attribute_name": "uid",
        "idm_attribute": "userName"
    },
    "request_name_id_format_type": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "request_preferred_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "send_subject_in_request": false,
    "send_subject_with_mapping": false,
    "saml_slo_configuration": {
        "slo_url": "https://www.okta.com/slologout",
        "relay_state_param": "param",
        "enabled": true
    },
    "jit_group_membership_attr_name": "groups",
    "saml_pass_through_claim_names": [
        "attr1",
        "attr2"
    ]
}
string
saml_metadata
Optional

SAML 2.0 protocol metadata in XML format encoded using Base64. If this field is not set, you must set saml_metadata_url. If both fields are set, this field takes precedence. The Base64 encoded text has a maximum length of 100K.

string
saml_metadata_url
Optional

SAML metadata URL. For SAML20 protocol. If this field is not set, you must set saml_metadata. If this field is set, metadata is downloaded each time. If both fields are set, saml_metadata takes precedence.

object
saml_name_id_user_attribute_mapping
Optional

VMware Identity Services user attribute mappings for each SAML attribute that is received in the SAML response. The keys are the VMware Identity Services attribute names and the values are the SAML attribute names. If this field is not set, you must set saml_identity_user_attribute_mapping. If both fields are set, saml_identity_user_attribute_mapping takes precedence.

saml_identity_user_attribute_mapping
Optional

saml_identity_user_attribute_mapping

string
request_name_id_format_type
Optional

NameIdFormat to use in SAML requests to this identity provider. If not set, urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified will be used

string As urn:oasis:names:tc:SAML:2[.]0:bindings:HTTP[-]Redirect|urn:oasis:names:tc:SAML:2[.]0:bindings:HTTP[-]POST
request_preferred_binding
Optional

Preferred binding to use in SAML requests to this identity provider.

Possible values are: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
boolean
send_subject_in_request
Optional

Indicates if subject should be sent in the SAML request.

boolean
send_subject_with_mapping
Optional

Indicates if NameId mapping should be used to decide which user attribute to send in SAML request.

saml_slo_configuration
Optional

saml_slo_configuration

string
jit_group_membership_attr_name
Optional

Specifies the group membership SAML attribute name.

array of string
saml_pass_through_claim_names
Optional

SAML assertion attribute names configured as pass through claims coming from third party SAML IDP.
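
A pre-submission check for the field rules described above (one of the two metadata fields and one of the two mapping fields must be set, which field wins when both are present, the Base64 length limit, and the allowed binding values), as an added example that is not VMware's code. The function name, the reading of "100K" as 100 * 1024 characters, and the sample metadata are assumptions made for illustration.

```python
import base64
import binascii
import re

MAX_B64_LEN = 100 * 1024  # assumption: the page's "100K" read as 100 * 1024 characters
# Pattern as given for request_preferred_binding on this page.
BINDING_RE = re.compile(
    r"urn:oasis:names:tc:SAML:2[.]0:bindings:HTTP[-]Redirect"
    r"|urn:oasis:names:tc:SAML:2[.]0:bindings:HTTP[-]POST")
# Constructed sample IdP metadata, trimmed to the element the check looks for.
SAMPLE_XML = (b'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
              b'entityID="https://idp.example.com"><IDPSSODescriptor '
              b'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
              b'</EntityDescriptor>')
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()


def check_saml_profile(profile):
    """Return (problems, effective): rule violations and the fields that win."""
    problems, effective = [], {}
    metadata, url = profile.get("saml_metadata"), profile.get("saml_metadata_url")
    if metadata:
        effective["metadata"] = "saml_metadata"  # takes precedence over the URL
        if len(metadata) > MAX_B64_LEN:
            problems.append("saml_metadata longer than the Base64 limit")
        try:
            xml = base64.b64decode(metadata, validate=True)
        except (binascii.Error, ValueError):
            problems.append("saml_metadata is not valid Base64")
        else:
            if b"IDPSSODescriptor" not in xml:  # crude substring check, not a parse
                problems.append("decoded metadata has no IDPSSODescriptor")
    elif url:
        effective["metadata"] = "saml_metadata_url"
    else:
        problems.append("neither saml_metadata nor saml_metadata_url is set")
    if profile.get("saml_identity_user_attribute_mapping"):
        effective["mapping"] = "saml_identity_user_attribute_mapping"
    elif profile.get("saml_name_id_user_attribute_mapping"):
        effective["mapping"] = "saml_name_id_user_attribute_mapping"
    else:
        problems.append("no user attribute mapping is set")
    binding = profile.get("request_preferred_binding")
    if binding is not None and not BINDING_RE.fullmatch(binding):
        problems.append("request_preferred_binding is not an allowed value")
    return problems, effective


if __name__ == "__main__":
    both = {"saml_metadata": SAMPLE_B64,
            "saml_metadata_url": "https://example.com/path/to/my/saml/metadata.xml",
            "saml_name_id_user_attribute_mapping": {"param1": "param1_value"}}
    print(check_saml_profile(both))
```

Run against the JSON example on this page, the check reports that the placeholder saml_metadata string is not valid Base64; with both metadata fields set, the inline saml_metadata is the one in effect, so a stale inline copy overrides the URL.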