createMspSso
POST https://{{host}}/api/v1/msps/:msp_id/ssos
Body Parameters
Name | Type | Description |
---|---|---|
name | string | name |
issuer | string | IDP issuer URL |
idp_cert | string | IDP Cert (used to verify the signed response) |
idp_sso_url | string | IDP Single-Sign-On URL |
nameid_format | string | email (default) / unspecified |
ignore_unmatched_roles | boolean | ignore any unmatched roles provided in the assertion. By default, an assertion is treated as invalid if it contains any unmatched role |
default_role | string | default role to assign if no role matches. By default, an assertion is treated as invalid when no role matches |
role_attr_from | string | optional, name of the attribute in the SAML Assertion to extract the role from (defaults to Role) |
role_attr_extraction | string | optional, user-defined role parsing scheme. See Supported Role Parsing Schemes |
custom_logout_url | string | optional, a URL to redirect the user to after logout from Mist (for IdPs that support a custom logout URL that is different from the SP-initiated SLO process) |
Supported Role Parsing Schemes
Name | Scheme |
---|---|
cn | The expected role attribute format in SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”. CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored). E.g. if role attribute is “CN=cn,OU=ou1,OU=ou2” then parsed role value is “cn” |
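The `cn` scheme and the two role-matching options described above, as an added Python sketch (not Mist's code). The function names `parse_cn_role` and `resolve_roles`, the `known_roles` set and the sample values are hypothetical, and the way ignored entries and the two options interact is an assumption stated in the comments.

```python
def parse_cn_role(value):
    """Parse 'CN=cn,OU=ou1,OU=ou2' and return the CN, or None if the entry is ignored."""
    cns = []
    # Plain comma split, as in the documented format; escaped commas are not handled.
    for part in value.split(","):
        key, sep, val = part.partition("=")
        if sep and key.strip().lower() == "cn":  # the CN key is case insensitive
            cns.append(val.strip())
    # Exactly one CN is expected, otherwise the entire entry is ignored.
    return cns[0] if len(cns) == 1 else None


def resolve_roles(attr_values, known_roles, ignore_unmatched_roles=False, default_role=None):
    """Return the roles to grant, or raise ValueError when the assertion is invalid.

    Assumptions of this sketch: ignored entries do not count as unmatched, and
    default_role is consulted only after the unmatched-role check has passed.
    """
    parsed = [r for r in map(parse_cn_role, attr_values) if r is not None]
    matched = [r for r in parsed if r in known_roles]
    unmatched = [r for r in parsed if r not in known_roles]
    if unmatched and not ignore_unmatched_roles:
        raise ValueError(f"unmatched roles in assertion: {unmatched}")
    if not matched:
        if default_role is None:
            raise ValueError("no role matched")
        return [default_role]
    return matched


# Constructed sample attribute values and role names (not from a real IdP).
SAMPLE_VALUES = ["cn=admin,OU=ou1,OU=ou2", "CN=a,CN=b,OU=ou1", "OU=only"]
KNOWN_ROLES = {"admin"}

if __name__ == "__main__":
    print(resolve_roles(SAMPLE_VALUES, KNOWN_ROLES))  # ['admin']
```

With `ignore_unmatched_roles` enabled and a `default_role` set, an assertion that carries no recognized role is still accepted and receives `default_role`, so that role should be the least privileged one.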
Request Body
```json
{
  "name": "onelogin",
  "issuer": "https://app.onelogin.com/saml/metadata/138130",
  "idp_cert": "-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----",
  "idp_sign_algo": "sha256",
  "idp_sso_url": "https://yourorg.onelogin.com/trust/saml2/http-post/sso/138130",
  "nameid_format": "email",
  "ignore_unmatched_roles": false,
  "default_role": null,
  "custom_logout_url": "https://6.4.5.7/saml/idp/SingleLogoutService.php?param1=value1"
}
```
Key | Datatype | Required | Description |
---|---|---|---|
Accept | string | | |
X-CSRFToken | string | | |
Content-Type | string | | |