Skip to main content

parse-saml-response

Definition
  • This operation allows to validate a SAML response generated by another external IDP that support SAML protocol.

URL
  • <console-domain>/webservice/federation/rest/parse-saml-response

Method
  • POST

Headers
  • Accept = “application/json”

  • Content-Type = “application/json”

Authentication
Request (URL parameter)
  • autoProvision → [false|true] (currently only false functionality is implemented)

  • response

    • RelayState → identifier of the ticket of the SAML response

    • SAMLResponse → encoded SAML response

  • protocol → use always “urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

  • serviceProviderName → service provider which requests the user authentication

{
    "autoProvision" : false,
    "response" : {
        "RelayState": "_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2",
        "SAMLResponse": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ
        wOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp
        0YzpTQU1MOjIuMDpwcm90b2NvbCIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWN
        lSW5kZXg9IjEiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly9hYmM6NDQzLy94eHgiIERlc3Rpb
        mF0aW9uPSJodHRwczovL3N0YXN0cy5hcnh1cy5ldS9hZGZzL2xzLyIgRm9yY2VBdXRobj0iZmFsc2UiIElEPSJfNTI
        zODY2MjQyZjk0M2I0YzYzMjM0ZGM4OTQyZmZjMmYwOGNlYTAzYWExMjlhNGU
        yIiBJc3N1ZUluc3RhbnQ9IjIwMTctMTItMjJUMTQ6NTU6MjAuODYyWiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2Fza
        XM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1SZWRpcmVjdCIgV
        mVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA
        6YXNzZXJ0aW9uIj5odHRwOi8vcG9ydGFsLmFyeHVzLmNvbTwvc2FtbDI6SXN
        zdWVyPjxzYW1sMjpTdWJqZWN0IHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmF
        tZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDI6TmFtZUlEIEZvcm1
        hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6cGVyc2lzdGVudCI+
        ZWRtb25kLmhhbGxleTwvc2FtbDI6TmFtZUlEPjwvc2FtbDI6U3ViamVjdD48L3NhbWwycDpBdXRoblJlcXVlc3Q+"
    },
    "protocol" : "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "serviceProviderName" : "https://stasts.arxus.eu/adfs/ls/"
}
Response (JSON)
  • authentication → [yes|no]

  • failureMessage → if authentication=”no”, a description text of the error

  • principalName → account name

  • user → account owner identity standard attributes

  • attributes → account owner identity custom attributes

  • sessionId → session identifier