Access Control (REST) API - SAML Service Provider

This section includes REST APIs for working with Access Control SAML Service Provider tasks.

Get SAML Service Provider Metadata - GET /SamlServiceProvider/metadata (v2.0 and up)

Get the metadata (XML) for the SAML service provider.

Notice

The ‘Manage Authentication Providers’ permission is required to execute this API.

Usage:

GET /SamlServiceProvider/metadata and get metadata for the SAML service provider

URL

/cxrestapi/auth/SamlServiceProvider/metadata

Method:

GET

Media Type (header):

Authorization: Bearer <access token value>

Accept: application/json;v=1.0

Parameters

None

Success Response:

Code: 200 Success

Error Response:

Code: 401 Unauthorized

Code: 403 Forbidden

Sample Response:

<md:EntityDescriptor entityID="http://localhost" ID="_59280630-ea4b-4dfe-bd46-5b253e729d6d" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor ID="_3703498e-2aac-42d4-bc39-c10c76ae0dbe" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="true">
    <md:KeyDescriptor>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIIDPzCCAiegAwIBAgIIdeTLjQSFpkgwDQYJKoZIhvcNAQENBQAwGTEXMBUGA1UEAwwOQWNjZXNzIENvbnRyb2wwHhcNMTkwMjIwMDk0NDM3WhcNMjkwMjIwMDk0NDM3WjAZMRcwFQYDVQQDDA5BY2Nlc3MgQ29udHJvbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIxUCW1lFd598hJdHhBuUGOjMokZT3zOfepKqL8tjSu7nG5ImQrRbBcDfToQoL5X9Ey08EOhq6hVp6TJOoL9ggN8oqMCiIGqeg+Djcz293t/sFOtxfXsMc+……………………….. ==</X509Certificate>
        </X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost/CxRestAPI/auth/identity/samlAcs" index="0" isDefault="true" />
    <md:AttributeConsumingService index="0" isDefault="true">
      <md:ServiceName xml:lang="en">auth</md:ServiceName>
      <md:RequestedAttribute Name="First_Name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="First Name" isRequired="true" />
      <md:RequestedAttribute Name="Last_Name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Last Name" isRequired="true" />
      <md:RequestedAttribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Email" isRequired="true" />
      <md:RequestedAttribute Name="Job" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Job Title" isRequired="false" />
      <md:RequestedAttribute Name="Phone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Phone Number" isRequired="false" />
      <md:RequestedAttribute Name="Cell_Phone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Cellular Phone Number" isRequired="false" />
      <md:RequestedAttribute Name="Language" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Language Culture Name" isRequired="false">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">es-ES</saml:AttributeValue>
      </md:RequestedAttribute>
      <md:RequestedAttribute Name="Team" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Team Full Path" isRequired="false">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">CxServer/Team1/Team2/Team3</saml:AttributeValue>
      </md:RequestedAttribute>
      <md:RequestedAttribute Name="Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="User Role Name" isRequired="false">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Admin</saml:AttributeValue>
      </md:RequestedAttribute>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>

Notes:

Returns the XML metadata for the SAML service provider.

Get SAML Service Provider - GET /SamlServiceProvider (v2.0 and up)

Get details of the SAML service provider.

Notice

The ‘Manage Authentication Providers’ permission is required to execute this API.

Usage:

  1. GET /SamlServiceProvider and get details of the SAML service provider

  2. PUT /SamlServiceProvider and update the SAML service provider’s details

URL

/cxrestapi/auth/SamlServiceProvider

Method:

GET

Media Type (header):

Authorization: Bearer <access token value>

Accept: application/json;v=1.0

Parameters

None

Success Response:

Code: 200 Success

Error Response:

Code: 401 Unauthorized

Code: 403 Forbidden

Code: 404 Not found

Sample Response:

{
  "assertionConsumerServiceUrl": "http://localhost/CxRestAPI/auth/identity/samlAcs",
  "certificateFileName": "DefaultSamlServiceProvider.pfx",
  "certificateSubject": "CN=Access Control",
  "issuer": "http://localhost"
}

Notes:

Retrieves SAML service provider details. If the request fails, it returns an error response.
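
An added example (not part of the original documentation and not Checkmarx code): a Python check that cross-validates the two GET responses documented above, the metadata XML and the details JSON, and lists the settings worth reviewing before the service provider is registered with an identity provider. The function name audit_sp and the shortened sample inputs are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample inputs modelled on the sample responses above
# (KeyDescriptor left out because the page's certificate is truncated).
SAMPLE_METADATA = b"""<md:EntityDescriptor entityID="http://localhost" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="true">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost/CxRestAPI/auth/identity/samlAcs" index="0" isDefault="true" />
    <md:AttributeConsumingService index="0" isDefault="true">
      <md:RequestedAttribute Name="Email" isRequired="true" />
      <md:RequestedAttribute Name="Role" isRequired="false" />
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_DETAILS = json.dumps({
    "assertionConsumerServiceUrl": "http://localhost/CxRestAPI/auth/identity/samlAcs",
    "issuer": "http://localhost"})


def audit_sp(metadata_xml: bytes, details_json: str) -> dict:
    """Return entityID, required attributes and review findings for the SP."""
    # SAML metadata needs no DTD; refusing one avoids entity-expansion input.
    if b"<!DOCTYPE" in metadata_xml or b"<!ENTITY" in metadata_xml:
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not SAML SP metadata")
    details = json.loads(details_json)
    acs = [e.get("Location", "") for e in sp.findall(MD + "AssertionConsumerService")]
    findings = []
    if sp.get("WantAssertionsSigned", "false").lower() not in ("true", "1"):
        findings.append("SP does not require signed assertions")
    for url in acs:
        if urlparse(url).scheme != "https":
            findings.append(f"ACS endpoint is not HTTPS: {url}")
    if root.get("entityID") != details.get("issuer"):
        findings.append("metadata entityID differs from configured issuer")
    if details.get("assertionConsumerServiceUrl") not in acs:
        findings.append("configured ACS URL missing from metadata")
    required = [a.get("Name") for a in sp.iter(MD + "RequestedAttribute")
                if a.get("isRequired") in ("true", "1")]
    return {"entity_id": root.get("entityID"), "required_attributes": required,
            "findings": findings}
```

In practice the two inputs are the response bodies of GET /cxrestapi/auth/SamlServiceProvider/metadata and GET /cxrestapi/auth/SamlServiceProvider, fetched with a bearer token that carries the ‘Manage Authentication Providers’ permission.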

Update a SAML Service Provider - PUT /SamlServiceProvider (v2.0 and up)

Update the SAML service provider’s details.

Notice

The ‘Manage Authentication Providers’ permission is required to execute this API.

Usage:

  1. GET /SamlServiceProvider and get details of the SAML service provider

  2. PUT /SamlServiceProvider and update the SAML service provider’s details

URL

/cxrestapi/auth/SamlServiceProvider

Method:

PUT

Media Type (header):

Authorization: Bearer <access token value>

Content-Type: application/json;v=1.0

Parameters

Content-type [multipart/form-data]: Specifies the SAML Service Provider details

CertificateFile=[file] – Service provider certificate file

CertificatePassword=[string] – Service provider certificate password

Issuer=[string] – SAML authentication request issuer

Success Response:

Code: 204 Success

Error Response:

Code: 400 Returns error messages

Code: 401 Unauthorized

Code: 403 Forbidden

Sample Response:

no content

Notes:

Updates the SAML service provider details according to the defined parameters. Once the request is successful, it does not return any content. If the request fails, it returns an error response.