parse-saml-response
Definition
-
This operation allows to validate a SAML response generated by another external IDP that support SAML protocol.
URL
-
<console-domain>/webservice/federation/rest/parse-saml-response
Method
-
POST
Headers
-
Accept = “application/json”
-
Content-Type = “application/json”
Authentication
-
Use an account
withwith federation:serviceProvider
Request (URL parameter)
-
autoProvision → [false|true] (currently only false functionality is implemented)
-
response
-
RelayState → identifier of the ticket of the SAML response
-
SAMLResponse → encoded SAML response
-
-
protocol → use always “urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST”
-
serviceProviderName → service provider which requests the user authentication
{
"autoProvision" : false,
"response" : {
"RelayState": "_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2",
"SAMLResponse": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ
wOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp
0YzpTQU1MOjIuMDpwcm90b2NvbCIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWN
lSW5kZXg9IjEiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly9hYmM6NDQzLy94eHgiIERlc3Rpb
mF0aW9uPSJodHRwczovL3N0YXN0cy5hcnh1cy5ldS9hZGZzL2xzLyIgRm9yY2VBdXRobj0iZmFsc2UiIElEPSJfNTI
zODY2MjQyZjk0M2I0YzYzMjM0ZGM4OTQyZmZjMmYwOGNlYTAzYWExMjlhNGU
yIiBJc3N1ZUluc3RhbnQ9IjIwMTctMTItMjJUMTQ6NTU6MjAuODYyWiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2Fza
XM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1SZWRpcmVjdCIgV
mVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA
6YXNzZXJ0aW9uIj5odHRwOi8vcG9ydGFsLmFyeHVzLmNvbTwvc2FtbDI6SXN
zdWVyPjxzYW1sMjpTdWJqZWN0IHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmF
tZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDI6TmFtZUlEIEZvcm1
hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6cGVyc2lzdGVudCI+
ZWRtb25kLmhhbGxleTwvc2FtbDI6TmFtZUlEPjwvc2FtbDI6U3ViamVjdD48L3NhbWwycDpBdXRoblJlcXVlc3Q+"
},
"protocol" : "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"serviceProviderName" : "https://stasts.arxus.eu/adfs/ls/"
}
Response (JSON)
-
authentication → [yes|no]
-
failureMessage → if authentication=”no”, a description text of the error
-
principalName → account name
-
user → account owner identity standard attributes
-
attributes → account owner identity custom attributes
-
sessionId → session identifier