Skip to main content

providers_saml_create

POST 

/providers/saml/

SAMLProvider Viewset

Request

Body

required

    name stringrequired

    Possible values: non-empty

    authentication_flow uuidnullable

    Flow used for authentication when the associated application is accessed by an un-authenticated user.

    authorization_flow uuidrequired

    Flow used when authorizing this provider.

    invalidation_flow uuidrequired

    Flow used ending the session from a provider.

    property_mappings uuid[]
    acs_url urirequired

    Possible values: non-empty and <= 200 characters

    audience string

    Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.

    issuer string

    Also known as EntityID

    Possible values: non-empty

    assertion_valid_not_before string

    Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).

    Possible values: non-empty

    assertion_valid_not_on_or_after string

    Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

    Possible values: non-empty

    session_valid_not_on_or_after string

    Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

    Possible values: non-empty

    name_id_mapping uuidnullable

    Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered

    digest_algorithm DigestAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512]

    signature_algorithm SignatureAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512, http://www.w3.org/2000/09/xmldsig#dsa-sha1]

    signing_kp uuidnullable

    Keypair used to sign outgoing Responses going to the Service Provider.

    verification_kp uuidnullable

    When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

    encryption_kp uuidnullable

    When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.

    sign_assertion boolean
    sign_response boolean
    sp_binding SpBindingEnum (string)

    This determines how authentik sends the response back to the Service Provider.

    Possible values: [redirect, post]

    default_relay_state string

    Default relay_state value for IDP-initiated logins

Responses

Schema

    pk ID (integer)required
    name stringrequired
    authentication_flow uuidnullable

    Flow used for authentication when the associated application is accessed by an un-authenticated user.

    authorization_flow uuidrequired

    Flow used when authorizing this provider.

    invalidation_flow uuidrequired

    Flow used ending the session from a provider.

    property_mappings uuid[]
    component stringrequired

    Get object component so that we know how to edit the object

    assigned_application_slug stringrequired

    Internal application name, used in URLs.

    assigned_application_name stringrequired

    Application's display Name.

    assigned_backchannel_application_slug stringrequired

    Internal application name, used in URLs.

    assigned_backchannel_application_name stringrequired

    Application's display Name.

    verbose_name stringrequired

    Return object's verbose_name

    verbose_name_plural stringrequired

    Return object's plural verbose_name

    meta_model_name stringrequired

    Return internal model name

    acs_url urirequired

    Possible values: <= 200 characters

    audience string

    Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.

    issuer string

    Also known as EntityID

    assertion_valid_not_before string

    Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).

    assertion_valid_not_on_or_after string

    Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

    session_valid_not_on_or_after string

    Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

    name_id_mapping uuidnullable

    Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered

    digest_algorithm DigestAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512]

    signature_algorithm SignatureAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512, http://www.w3.org/2000/09/xmldsig#dsa-sha1]

    signing_kp uuidnullable

    Keypair used to sign outgoing Responses going to the Service Provider.

    verification_kp uuidnullable

    When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

    encryption_kp uuidnullable

    When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.

    sign_assertion boolean
    sign_response boolean
    sp_binding SpBindingEnum (string)

    This determines how authentik sends the response back to the Service Provider.

    Possible values: [redirect, post]

    default_relay_state string

    Default relay_state value for IDP-initiated logins

    url_download_metadata stringrequired

    Get metadata download URL

    url_sso_post stringrequired

    Get SSO Post URL

    url_sso_redirect stringrequired

    Get SSO Redirect URL

    url_sso_init stringrequired

    Get SSO IDP-Initiated URL

    url_slo_post stringrequired

    Get SLO POST URL

    url_slo_redirect stringrequired

    Get SLO redirect URL

Loading...