sources_saml_retrieve

GET 
/sources/saml/:slug/

SAMLSource Viewset

Request

Path Parameters

slug stringrequired

Responses

200

application/json

Schema

Schema

pk uuidrequired
name stringrequired

Source's display Name.

slug stringrequired

Internal source name, used in URLs.

Possible values: <= 50 characters, Value must match regular expression ^[-a-zA-Z0-9_]+$

enabled boolean
authentication_flow uuidnullable

Flow to use when authenticating existing users.

enrollment_flow uuidnullable

Flow to use when enrolling new users.

user_property_mappings uuid[]
group_property_mappings uuid[]
component stringrequired

Get object component so that we know how to edit the object

verbose_name stringrequired

Return object's verbose_name

verbose_name_plural stringrequired

Return object's plural verbose_name

meta_model_name stringrequired

Return internal model name

policy_engine_mode PolicyEngineMode (string)

Possible values: [all, any]

user_matching_mode UserMatchingModeEnum (string)

How the source determines if an existing user should be authenticated or a new user enrolled.

Possible values: [identifier, email_link, email_deny, username_link, username_deny]

managed Managed by authentik (string)nullablerequired

Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

user_path_template string
icon stringrequired
group_matching_mode GroupMatchingModeEnum (string)

How the source determines if an existing group should be used or a new group created.

Possible values: [identifier, name_link, name_deny]

pre_authentication_flow uuidrequired

Flow used before authentication.

issuer string

Also known as Entity ID. Defaults the Metadata URL.

sso_url urirequired

URL that the initial Login request is sent to.

Possible values: <= 200 characters

slo_url urinullable

Optional URL if your IDP supports Single-Logout.

Possible values: <= 200 characters

allow_idp_initiated boolean

Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.

name_id_policy NameIdPolicyEnum (string)

NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

Possible values: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:transient]

binding_type BindingTypeEnum (string)

Possible values: [REDIRECT, POST, POST_AUTO]

verification_kp uuidnullable

When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

signing_kp uuidnullable

Keypair used to sign outgoing Responses going to the Identity Provider.

digest_algorithm DigestAlgorithmEnum (string)

Possible values: [http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512]

signature_algorithm SignatureAlgorithmEnum (string)

Possible values: [http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512, http://www.w3.org/2000/09/xmldsig#dsa-sha1]

temporary_user_delete_after Delete temporary users after (string)

Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

encryption_kp uuidnullable

When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.

Example (from schema)

{
  "pk": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "string",
  "slug": "string",
  "enabled": true,
  "authentication_flow": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "enrollment_flow": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "user_property_mappings": [
    "3fa85f64-5717-4562-b3fc-2c963f66afa6"
  ],
  "group_property_mappings": [
    "3fa85f64-5717-4562-b3fc-2c963f66afa6"
  ],
  "component": "string",
  "verbose_name": "string",
  "verbose_name_plural": "string",
  "meta_model_name": "string",
  "policy_engine_mode": "all",
  "managed": "string",
  "user_path_template": "string",
  "icon": "string",
  "pre_authentication_flow": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "issuer": "string",
  "sso_url": "string",
  "slo_url": "string",
  "allow_idp_initiated": true,
  "binding_type": "REDIRECT",
  "verification_kp": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "signing_kp": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
  "signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
  "temporary_user_delete_after": "string",
  "encryption_kp": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

400

application/json

Schema

Schema

non_field_errors string[]
code string
property name* any

Validation Error

Example (from schema)

{
  "non_field_errors": [
    "string"
  ],
  "code": "string"
}

403

application/json

Schema

Schema

detail stringrequired
code string

Example (from schema)

{
  "detail": "string",
  "code": "string"
}

Loading...