createOrgSso
POST https://{{host}}/api/v1/orgs/:org_id/ssos
Body Parameters
Name | Type | Description |
---|---|---|
name | string | name of the SSO configuration |
issuer | string | IdP issuer (entity ID) URL |
idp_cert | string | IdP signing certificate, PEM-encoded (used to verify the signed SAML response) |
idp_sso_url | string | IdP Single Sign-On URL |
idp_sign_algo | string | signing algorithm for the SAML Assertion |
nameid_format | string | email (default) or unspecified |
ignore_unmatched_roles | boolean | if true, roles in the assertion that match no configured role are ignored. Default false: an assertion that carries any unmatched role is rejected |
default_role | string | role to assign when no role in the assertion matches. By default there is no default role and an assertion with no matched role is rejected |
role_attr_from | string | optional, name of the attribute in the SAML Assertion to extract the role from (defaults to Role) |
role_attr_extraction | string | optional, user-defined role parsing scheme. See Supported Role Parsing Schemes |
custom_logout_url | string | optional, URL the user is redirected to after logging out of Mist (for IdPs that support a custom logout URL distinct from the SP-initiated SLO flow) |
Supported Role Parsing Schemes
Name | Scheme |
---|---|
cn | The role attribute value in the SAML Assertion is expected in the form "CN=cn,OU=ou1,OU=ou2,…". The CN key is case-insensitive and exactly one CN is expected; otherwise the entire entry is ignored. E.g. if the role attribute is "CN=cn,OU=ou1,OU=ou2" the parsed role value is "cn" |
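The two tables above describe how a role is extracted from the assertion (the cn scheme, with role_attr_from naming the attribute) and what happens when the extracted roles do not match the org's configured roles (ignore_unmatched_roles, default_role). The following is an added example, not Mist's own code, that implements both rules as documented so the accept/reject outcomes can be checked against sample attribute values. The known_roles set stands in for the org's configured SSO role names (an assumption), and the attribute values in the demo are constructed.

```python
"""Role extraction and matching for an org SSO config.

Added example, not Mist's own code. It implements the documented "cn"
role_attr_extraction scheme and the documented semantics of
ignore_unmatched_roles / default_role. known_roles stands in for the org's
configured SSO role names (assumed); the attribute values in the demo are
constructed.
"""
from dataclasses import dataclass
from typing import Optional


def parse_cn_role(value: str) -> Optional[str]:
    """"cn" scheme: expect "CN=cn,OU=ou1,OU=ou2,...".

    The CN key is case-insensitive and exactly one CN must be present; any
    other shape means the whole entry is ignored (None). An empty CN is also
    treated as ignored (this example's choice; the page does not say).
    """
    cns = []
    for part in value.split(","):
        key, sep, val = part.partition("=")
        if sep and key.strip().lower() == "cn":
            cns.append(val.strip())
    return cns[0] if len(cns) == 1 and cns[0] else None


def parse_plain_role(value: str) -> Optional[str]:
    """No role_attr_extraction set: the attribute value is the role name."""
    value = value.strip()
    return value or None


@dataclass
class Decision:
    accepted: bool
    roles: list
    reason: str


@dataclass
class SsoRolePolicy:
    known_roles: frozenset                       # org's configured role names (assumed)
    role_attr_from: str = "Role"                 # documented default
    role_attr_extraction: Optional[str] = None   # None or "cn"
    ignore_unmatched_roles: bool = False         # documented default
    default_role: Optional[str] = None           # documented default: no default role

    def extract(self, raw: str) -> Optional[str]:
        if self.role_attr_extraction == "cn":
            return parse_cn_role(raw)
        if self.role_attr_extraction is None:
            return parse_plain_role(raw)
        raise ValueError(f"unsupported role_attr_extraction {self.role_attr_extraction!r}")

    def resolve(self, attributes: dict) -> Decision:
        """attributes: SAML attribute name -> list of values from an already signature-verified assertion."""
        matched, unmatched = [], []
        for raw in attributes.get(self.role_attr_from, []):
            role = self.extract(raw)
            if role is None:
                continue                          # malformed entry: ignored, not "unmatched"
            (matched if role in self.known_roles else unmatched).append(role)
        matched = list(dict.fromkeys(matched))    # dedupe, keep order
        if unmatched and not self.ignore_unmatched_roles:
            return Decision(False, [], f"unmatched roles {unmatched}; rejected because ignore_unmatched_roles is false")
        if not matched:
            if self.default_role is None:
                return Decision(False, [], "no role matched and no default_role configured")
            return Decision(True, [self.default_role], "default_role applied")
        return Decision(True, matched, "matched")


if __name__ == "__main__":
    policy = SsoRolePolicy(known_roles=frozenset({"admin", "observer"}), role_attr_extraction="cn")
    # Constructed attribute values, as an IdP might send them in the Role attribute.
    for values in (["CN=admin,OU=it"], ["CN=admin,OU=it", "CN=superuser,OU=it"], ["OU=it"]):
        print(values, "->", policy.resolve({"Role": values}))
```

The order of the two checks matters: an unmatched role rejects the assertion before default_role is considered, so default_role only ever fills in when the assertion contained no usable role at all (or when ignore_unmatched_roles is true and everything was ignored).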
Request Body
```json
{
  "name": "onelogin",
  "idp_type": "saml",
  "issuer": "https://app.onelogin.com/saml/metadata/138130",
  "idp_cert": "-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----",
  "idp_sign_algo": "sha256",
  "idp_sso_url": "https://yourorg.onelogin.com/trust/saml2/http-post/sso/138130",
  "nameid_format": "email",
  "custom_logout_url": "https://6.4.5.7/saml/idp/SingleLogoutService.php?param1=value1",
  "ldap_type": "azure",
  "ldap_server_hosts": ["hostname", "63.1.3.5"],
  "ldap_base_dn": "DC=abc,DC=com",
  "ldap_bind_dn": "CN=nas,CN=users,DC=abc,DC=com",
  "ldap_bind_password": "credential_for_nas",
  "ldap_cacerts": [
    "-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\nBhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn-----END CERTIFICATE-----"
  ],
  "ldap_client_cert": "-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE\n-----END CERTIFICATE-----",
  "ldap_client_key": "-----BEGIN PRI...",
  "ldap_resolve_groups": false,
  "oauth_type": "azure",
  "oauth_tenant_id": "1e6ae660-b7d3-4a6c-9efd-1fa606fc7304",
  "oauth_cc_client_id": "e60da615-7def-4c5a-8196-43675f45e174",
  "oauth_cc_client_secret": "akL8Q~5kWFMVFYl4TFZ3fi~7cMdyDONi6cj01cpH",
  "oauth_ropc_client_id": "9ce04c97-b5b1-4ec8-af17-f5ed42d2daf7",
  "oauth_ropc_client_secret": "blM9R~6kWFMVFYl4TFZ3fi~8cMdyDONi6cj01dqI",
  "scim_enabled": false,
  "scim_secret_token": "secret token",
  "mxedge_proxy": {
    "mxcluster_id": "572586b7-f97b-a22b-526c-8b97a3f609c4",
    "proxy_hosts": ["mxedge1.corp.com", "63.1.3.5"],
    "ssids": ["eduroam_test, eduroam_main"],
    "operator_name": "1dartmouth.edu",
    "auth_servers": [
      {"host": "1.2.3.4", "port": 1812, "secret": "testing123"},
      {"host": "radius.internal", "port": 1812, "secret": "testing123"}
    ],
    "acct_servers": [
      {"host": "1.2.3.4", "port": 1812, "secret": "testing123"}
    ]
  },
  "ignore_unmatched_roles": false,
  "default_role": null
}
```
Headers
Key | Datatype | Required | Description |
---|---|---|---|
Accept | string | | |
X-CSRFToken | string | | |
Content-Type | string | | |
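The endpoint, the documented body parameters and the header table above are enough to assemble the call. The following is an added example, not Mist's own client code, that validates a body against the documented parameters before sending it and builds the POST with the listed headers using only the standard library. The host, org_id, CSRF token and certificate are constructed placeholders; the https requirement on idp_sso_url and custom_logout_url and the PEM sanity check are this example's own pre-flight checks, not something the API documents.

```python
"""Validate and submit a createOrgSso body.

Added example, not Mist's own client code; standard library only. The host,
org_id, CSRF token and certificate are constructed placeholders. Parameter
names follow the documented body; the https checks and PEM sanity check are
this example's own pre-flight validation, not something the API documents.
"""
import base64
import json
import urllib.request
from urllib.parse import urlparse

NAMEID_FORMATS = {"email", "unspecified"}
REQUIRED = ("name", "issuer", "idp_cert", "idp_sso_url", "idp_sign_algo")

# Constructed placeholder: PEM framing around base64 of arbitrary bytes, not a real certificate.
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               + base64.b64encode(b"placeholder, not a real certificate").decode()
               + "\n-----END CERTIFICATE-----")


def is_pem_certificate(pem: str) -> bool:
    """Check PEM framing and that the body is valid base64.

    Catches pasted or truncated certs before the API sees them; it does not
    parse the DER inside (use the cryptography package for that).
    """
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3:
        return False
    if lines[0] != "-----BEGIN CERTIFICATE-----" or lines[-1] != "-----END CERTIFICATE-----":
        return False
    try:
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    return True


def make_sso_body(**params) -> dict:
    """Return a JSON-ready body, or raise ValueError on a config that would be broken or unsafe."""
    missing = [k for k in REQUIRED if not params.get(k)]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    nameid = params.get("nameid_format") or "email"     # documented default
    if nameid not in NAMEID_FORMATS:
        raise ValueError("nameid_format must be 'email' or 'unspecified'")
    # The SSO URL receives the browser and the logout URL is a redirect target,
    # so insist on https for both (this example's own policy).
    for key in ("idp_sso_url", "custom_logout_url"):
        if params.get(key) and urlparse(params[key]).scheme != "https":
            raise ValueError(f"{key} must use https")
    if not is_pem_certificate(params["idp_cert"]):
        raise ValueError("idp_cert is not a PEM-encoded certificate")
    return {"idp_type": "saml", **params, "nameid_format": nameid}


def build_request(host: str, org_id: str, body: dict, csrf_token: str) -> urllib.request.Request:
    """POST https://{host}/api/v1/orgs/{org_id}/ssos with the headers from the table above."""
    url = f"https://{host}/api/v1/orgs/{org_id}/ssos"
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-CSRFToken": csrf_token,    # cookie-session auth assumed, as the header table implies
    }
    return urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")


def request_json(req: urllib.request.Request) -> dict:
    """Decode the body of a request built by build_request (for tests and logging)."""
    return json.loads(req.data.decode())


if __name__ == "__main__":
    body = make_sso_body(
        name="onelogin",
        issuer="https://app.onelogin.com/saml/metadata/138130",
        idp_cert=SAMPLE_CERT,
        idp_sign_algo="sha256",
        idp_sso_url="https://yourorg.onelogin.com/trust/saml2/http-post/sso/138130",
        nameid_format="email",
        ignore_unmatched_roles=False,
        default_role=None,
    )
    req = build_request("api.example.com", "00000000-0000-0000-0000-000000000000",
                        body, "csrf-token-placeholder")
    with urllib.request.urlopen(req, timeout=10) as resp:   # placeholders only; fails offline
        print(resp.status, resp.read().decode())
```

Keep the pre-flight validation even though the API validates server-side: a truncated idp_cert or a plain-http idp_sso_url is easy to paste by accident, and the failure is cheaper to catch before a config that silently breaks signature verification is stored.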