# parse-saml-response

##### Definition

- This operation allows to validate a SAML response generated by another external IDP that support SAML protocol.

##### URL

- &lt;console-domain&gt;/webservice/federation/rest/parse-saml-response

##### Method

- POST

##### Headers

- Accept = “application/json”
- Content-Type = “application/json”

##### Authentication

- Use an account with **[federation:serviceProvider](http://federationserviceprovider/)** permission

##### Request (URL parameter)

- autoProvision → \[false|true\] (currently only false functionality is implemented)
- response
    
    
    - RelayState → identifier of the ticket of the SAML response
    - SAMLResponse → encoded SAML response
- protocol → use always “[urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST](http://urnoasisnamestcsaml:2.0:bindings:HTTP-POST)”
- serviceProviderName → service provider which requests the user authentication

```western
{
    "autoProvision" : false,
    "response" : {
        "RelayState": "_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2",
        "SAMLResponse": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ
        wOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp
        0YzpTQU1MOjIuMDpwcm90b2NvbCIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWN
        lSW5kZXg9IjEiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly9hYmM6NDQzLy94eHgiIERlc3Rpb
        mF0aW9uPSJodHRwczovL3N0YXN0cy5hcnh1cy5ldS9hZGZzL2xzLyIgRm9yY2VBdXRobj0iZmFsc2UiIElEPSJfNTI
        zODY2MjQyZjk0M2I0YzYzMjM0ZGM4OTQyZmZjMmYwOGNlYTAzYWExMjlhNGU
        yIiBJc3N1ZUluc3RhbnQ9IjIwMTctMTItMjJUMTQ6NTU6MjAuODYyWiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2Fza
        XM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1SZWRpcmVjdCIgV
        mVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA
        6YXNzZXJ0aW9uIj5odHRwOi8vcG9ydGFsLmFyeHVzLmNvbTwvc2FtbDI6SXN
        zdWVyPjxzYW1sMjpTdWJqZWN0IHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmF
        tZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDI6TmFtZUlEIEZvcm1
        hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6cGVyc2lzdGVudCI+
        ZWRtb25kLmhhbGxleTwvc2FtbDI6TmFtZUlEPjwvc2FtbDI6U3ViamVjdD48L3NhbWwycDpBdXRoblJlcXVlc3Q+"
    },
    "protocol" : "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "serviceProviderName" : "https://stasts.arxus.eu/adfs/ls/"
}
```

##### Response (JSON)

- authentication → \[yes|no\]
- failureMessage → if authentication=”no”, a description text of the error
- principalName → account name
- user → account owner identity standard attributes
- attributes → account owner identity custom attributes
- sessionId → session identifier