Skip to main content

validate-domain

validate-domain

Definition
  • This operation allows to validate the user domain and return the IDP ower of the user.
URL
  • <console-domain>/webservice/federation/rest/validate-domain
Method
  • POST
Headers
  • Accept = “application/json”
  • Content-Type = “application/json”
Authentication
  • Use the “admin” user of the Soffid IAM Console
Request (body JSON)
  • domain → domain of the user (right side of the email)
{
    "domain" : "arxus.eu"
}
Response (JSON)
  • exists → [yes|no]
  • identityProvider → identity provider public ID
{
    "exists": "yes",
    "identityProvider": "http://stasts-sof.arxus.eu/adfs/services/trust"
}

validate-credentials

Definition
  • This operation allows to validate the credentials of the user against Soffid.

URL
  • <console-domain>/webservice/federation/rest/validate-credentials

Method
  • POST

Headers
  • Accept = “application/json”

  • Content-Type = “application/json”

Authentication
Request (body JSON)
  • user → user (or nick or alias)

  • password → password of the user

  • identityProvider → identity provider public ID

  • serviceProviderName → service provider which requests the user authentication

  • sessionSeconds → max time for the user session inactivity

{
    "user" : "edmond.halley",
    "password" : "12345",
    "identityProvider" : "soffid",
    "serviceProviderName" : "http://arxus.portal.com",
    "sessionSeconds" : "3600"
}
Response (JSON)
  • authentication → [yes|no]

  • principalName → account name

  • failureMessage → if authentication=”no”, a description text of the error

  • user → account owner identity standard attributes

  • attributes → account owner identity custom attributes

  • sessionId → session identifier

{
    "valid": true,
    "sessionCookie": "_2307e8b5566ba600be64508a132f7f40c4578928733f2c3c:hRoFimsCGZSau7zjbWeVocTv13WAaui7dj00A7F39dM0R+daKHPQVi2WiAbhB/rV776S0TW5JXq7/9HjV0zo0h4E7AW72tCUD9I/8UD4VP5oTRWgR6xTP3mUwhn5NCuiHOE02kuITf6l3y6ZrUOBA6qVFo/Twlfhww9dZ2l7NrdrO/s3K40L",
    "attributes": {},
    "user": {
        "lastName": "Halley",
        "createdByUser": "csvIDs",
        "modifiedDate": "2017-12-15T11:01:02+01:00",
        "userType": "I",
        "shortName": "edmond.halley"
        },
    "identityProvider": "soffid"
}

expire-session

Definition
  • This operation allows to close a session created by either validate-credentials or parse-saml-response. If you want to get real global logout, this method invocation is not enough. You should also use the generate-saml-logout-request method.

URL
  • <console-domain>/webservice/federation/rest/expire-session

Method
  • POST

Headers
  • Accept = “application/json”

  • Content-Type = “application/json”

Authentication
Request (body JSON)
  • sessionId → session id obtained from prior parse-saml-response or validate-credentials invocation

Response (JSON)
  • sessionId → id of closed session

{
    "sessionId" : "_8164940b408c1508dfd84525a3ef568475f317085cf36e7d:rvJgZnMfsWUbQWlXdhTcVGgI3mC2qXJC..."
}

generate-saml-request

Definition
  • This operation allows to generate a SAML request to an external IDP.

URL
  • <console-domain>/webservice/federation/rest/generate-saml-request

Method
  • POST

Headers
  • Accept = “application/json”

  • Content-Type = “application/json”

Authentication
Request (body JSON)
  • user → user (or nick or alias)

  • identityProvider → identity provider public ID

  • serviceProviderName → service provider which requests the user authentication

  • sessionSeconds → max time for the user session inactivity

{
    "user" : "lucasfr@soffid.poc",
    "identityProvider" : "http://stasts-sof.arxus.eu/adfs/services/trust",
    "serviceProviderName" : "http://portal.arxus.com",
    "sessionSeconds" : "3600"
}
Response (JSON)
  • method → [POST|GET]

  • parameters

    • RelayState → identifier of the ticket of the SAML request

    • SAMLRequest → encoded SAML request

  • url → form’s target URL

{
    "method": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "parameters": {
        "RelayState": "_457cab260c4948ef4c6d35a67cac000d3348d1ec48f53215",
        "SAMLRequest": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ
        wOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp
     	0YzpTQU1MOjIuMDpwcm90b2NvbCIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWN
        lVVJMPSJodHRwczovL3BvcnRhbC5hcnh1cy5jb206NDQzL1NBTUwtcmVzcG9uc2UiIEZvcmNlQXV0aG49ImZhbHNlI
        iBJRD0iXzQ1N2NhYjI2MGM0OTQ4ZWY0YzZkMzVhNjdjYWMwMDBkMzM0OGQxZ
        WM0OGY1MzIxNSIgSXNzdWVJbnN0YW50PSIyMDE4LTAxLTExVDEyOjEzOjA0L
        jY2NFoiIFZlcnNpb249IjIuMCI+PHNhbWwyOklzc3VlciB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlN
        BTUw6Mi4wOmFzc2VydGlvbiI+aHR0cDovL3BvcnRhbC5hcnh1cy5jb208L3NhbWwyOklzc3Vlcj48c2FtbDI6U3Via
       mVjdCB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wO
       mFzc2VydGlvbiI+PHNhbWwyOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuY
       W1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+b
       HVjYXNmckBzb2ZmaWQucG9jPC9zYW1sMjpOYW1lSUQ+PC9zYW1sMjpTdWJqZ
       WN0Pjwvc2FtbDJwOkF1dGhuUmVxdWVzdD4="
},
    "url": "https://stasts-sof.arxus.eu/adfs/ls/"

}