SAML SSO Using GET

GET {{authPath}}/{{envID}}/saml20/idp/sso?SAMLRequest={{SAMLRequest}}&RelayState=token

The GET /{{envID}}/saml20/idp/sso operation initiates the SAML single sign-on action through a GET request. In the request URL, the SAMLRequest parameter contains the encoded SAML authentication request information.

Here is a sample SAML <AuthnRequest> in plain text:

<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="identifier_1"
    Version="2.0"
    IssueInstant="2004-12-05T09:21:59">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
</samlp:AuthnRequest>

For SAML assertions, PingOne supports the following Subject NameID formats:

| Format | Description |
|---|---|
| urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | The Subject's NameID format is not specified. |
| urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | The Subject's NameID format is in the form of an email address. |
| urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | The Subject's NameID format is an opaque unique identifier for a user that retains the same value over time. |
| urn:oasis:names:tc:SAML:2.0:nameid-format:transient | The Subject's NameID format is a randomly generated identifier. A different value is used for each SSO for a given user. |

Note: For GET requests, the <AuthnRequest> is compressed (RFC 1951 DEFLATE), then Base64 encoded, then URL encoded.

| Parameter | Description |
|---|---|
| RelayState | Passes the defaultTarget information to the IdP. |
| SAMLRequest | The encoded SAML authentication request information. |
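The encoding described in the note above, as an added example that is not PingOne's code: it builds the SAMLRequest value from the sample <AuthnRequest> and reverses it with a bounded inflate, so a receiver or a log-review script can decode untrusted values safely. The function names and the 64 KiB size limit are assumptions.

```python
import base64
import urllib.parse
import zlib

MAX_XML_BYTES = 64 * 1024  # assumed cap on the inflated request size

# Sample <AuthnRequest> from this page, written on one line.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest'
    ' xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' ID="identifier_1" Version="2.0" IssueInstant="2004-12-05T09:21:59">'
    '<saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>'
    '</samlp:AuthnRequest>'
)


def encode_saml_request(xml: str) -> str:
    """Raw DEFLATE (RFC 1951), then Base64, then URL encoding."""
    # wbits=-15 selects a raw DEFLATE stream with no zlib header or checksum.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    return urllib.parse.quote(base64.b64encode(deflated), safe="")


def decode_saml_request(value: str, max_bytes: int = MAX_XML_BYTES) -> str:
    """Reverse the encoding; reject oversized, truncated or padded input."""
    raw = base64.b64decode(urllib.parse.unquote(value), validate=True)
    inflater = zlib.decompressobj(-15)
    # Bounded inflate: never produce more than max_bytes + 1 bytes of output.
    xml = inflater.decompress(raw, max_bytes + 1)
    if len(xml) > max_bytes:
        raise ValueError("SAMLRequest inflates beyond the size limit")
    if not inflater.eof or inflater.unused_data:
        raise ValueError("SAMLRequest is not a single complete DEFLATE stream")
    return xml.decode("utf-8")


def build_sso_query(xml: str, relay_state: str) -> str:
    """Query string to append to {{authPath}}/{{envID}}/saml20/idp/sso?"""
    return ("SAMLRequest=" + encode_saml_request(xml)
            + "&RelayState=" + urllib.parse.quote(relay_state, safe=""))
```

The size limit matters because a few hundred bytes of DEFLATE data can inflate to many megabytes; decoding without a bound lets an unauthenticated GET exhaust memory on whatever parses the request.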

Request Params

| Key | Datatype | Required | Description |
|---|---|---|---|
| SAMLRequest | string | | |
| RelayState | string | | |