Step 9: Submit SAML sign-on request

POST {{authPath}}/{{envID}}/saml20/idp/sso

The POST /{{envID}}/saml20/idp/sso operation starts the sign-on flow. The request requires the application/x-www-form-urlencoded custom content type in the Content-Type HTTP header to initiate the set password operation.

The request body includes the SAMLRequest parameter to pass in the encoded SAML authentication request information. Here is a sample SAML <AuthnRequest> in plain text:

<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="identifier_1"
    Version="2.0"
    IssueInstant="2004-12-05T09:21:59">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
</samlp:AuthnRequest>

Note: If you use the Qodex collection, this request includes a Qodex pre-req script that creates and encodes the AuthnRequest and writes it to the Qodex environment as the value for the SAMLRequest variable.

The request body includes the RelayState property that specifies the token for SAML assertions used in IdP-initiated SSO.

The response contains the Location header. This includes the flowId value that you'll need for the next step.
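The following sketch is an added example, not code from the original page or from the Qodex pre-req script. It builds an AuthnRequest shaped like the sample above, encodes it as the SAML HTTP POST binding does (base64, no DEFLATE), and form-encodes it with RelayState; it can also decode a captured body for review. All function names are hypothetical, and reading flowId from a query parameter of the Location URL is an assumption.

```javascript
// Added example; function names are hypothetical, not part of any vendor SDK.
// CSPRNG source for request IDs: Web Crypto global if present, else Node's module.
const rng = globalThis.crypto || require('crypto');

const XML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };
const xmlEscape = (s) => String(s).replace(/[&<>"']/g, (c) => XML_ENTITIES[c]);

// Build an AuthnRequest like the page's sample, with a fresh ID and a UTC timestamp.
// The "_" prefix keeps the ID a valid xs:ID (it must not start with a digit).
function buildAuthnRequest(issuer, id = '_' + rng.randomUUID(), now = new Date()) {
  const instant = now.toISOString().replace(/\.\d{3}Z$/, 'Z'); // drop milliseconds
  return '<samlp:AuthnRequest' +
    ' xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"' +
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"' +
    ` ID="${xmlEscape(id)}" Version="2.0" IssueInstant="${instant}">` +
    `<saml:Issuer>${xmlEscape(issuer)}</saml:Issuer>` +
    '</samlp:AuthnRequest>';
}

// HTTP POST binding: base64 of the XML, then application/x-www-form-urlencoded.
// URLSearchParams percent-encodes "+", "/" and "=" from the base64 text; sending a
// raw "+" would be decoded as a space by the server and corrupt the request.
function encodeSsoBody(authnRequestXml, relayState) {
  const params = new URLSearchParams();
  params.set('SAMLRequest', Buffer.from(authnRequestXml, 'utf8').toString('base64'));
  if (relayState !== undefined) params.set('RelayState', relayState);
  return params.toString();
}

// Recover the XML from a captured form body, e.g. to review Issuer and IssueInstant.
function decodeSamlRequest(formBody) {
  const b64 = new URLSearchParams(formBody).get('SAMLRequest');
  if (!b64) throw new Error('SAMLRequest parameter missing');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Assumption: the Location header carries flowId as a URL query parameter.
function extractFlowId(locationHeader) {
  const flowId = new URL(locationHeader).searchParams.get('flowId');
  if (!flowId) throw new Error('flowId not found in Location header');
  return flowId;
}
```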

Request Body

Name | Value | Datatype
SAMLRequest | {{SAMLRequest}} | string
RelayState | token | string

HEADERS

Key | Datatype | Required | Description
Content-Type | string | |