Access Control (REST) API - SAML Identity Providers
This section includes REST APIs for working with Access Control SAML Identity Provider tasks.
Get All SAML Identity Providers - GET /SamlIdentityProviders (v2.0 and up)
Get details of all SAML identity providers.
Notice
The ‘Manage Authentication Providers’ permission is required to execute this API.
Usage:
GET /SamlIdentityProviders and get details of all SAML identity providers
PUT /SamlIdentityProviders/{id} and update SAML Identity Provider details
URL
/cxrestapi/auth/SamlIdentityProviders
Method:
GET
Media Type (header):
Authorization: Bearer <access token value>
Accept: application/json;v=1.0
Parameters
None
Success Response:
Code: 200 Success
Error Response:
Code: 401 Unauthorized
Code: 403 Forbidden
Sample Response:
[ { "id": 0, "certificateFileName": "string", "certificateSubject": "string", "active": true, "name": "string", "issuer": "string", "loginUrl": "string", "logoutUrl": "string", "errorUrl": "string", "signAuthnRequest": true, "authnRequestBinding": "string", "isManualManagement": true, "defaultTeamId": 0, "defaultRoleId": 0 } ]
Notes:
Retrieves details of all SAML identity providers. Default Team Id (defaultTeamId) is used in the Teams API and Default Role Id (defaultRoleId) is used in the Roles API. If the request fails, it returns an error response.
Create New SAML Identity Provider - POST /SamlIdentityProviders (v2.0 and up)
Create a new SAML identity provider.
Notice
The ‘Manage Authentication Providers’ permission is required to execute this API.
Usage:
POST /SamlIdentityProviders and create a new SAML identity provider
GET /SamlIdentityProviders and get details of all SAML identity providers, or
GET /SamlIdentityProviders/{id} and get details of a specified SAML identity provider
URL
/cxrestapi/auth/SamlIdentityProviders
Method:
POST
Media Type (header):
Authorization: Bearer <access token value>
Content-Type: application/json;v=1.0
Parameters
Content-type [multipart/form-data]: Specifies the SAML Identity Provider details
CertificateFile=[file] – Certificate file used to verify the SAML assertion
Active=[Boolean] – Whether the SAML identity provider is active (true/false)
Name=[string] - SAML identity provider display name
Issuer=[string] - Issuer of the SAML assertion
LoginUrl=[string] - SAML identity provider single sign-on URL
LogoutUrl=[string] - Redirects URL when logging-out
ErrorUrl=[string] - Redirects URL on error
SignAuthnRequest=[Boolean] – Whether the service provider should sign authentication requests to this identity provider (true/false)
AuthnRequestBinding=[string] – Authentication request binding (HTTP-Redirect or HTTP-Post)
IsManualManagement=[Boolean] – Whether role and group management is done manually (default) or controlled via the SAML assertion (not manual)
DefaultTeamId=[integer] - Default team Id
DefaultRoleId=[ineger] - Default role Id
Success Response:
Code: 201 Success
Error Response:
Code: 400 Bad Request
Code: 401 Unauthorized
Code: 403 Forbidden
Sample Response:
no content
Notes:
Returns the location of the created SAML identity provider in the response header. If the request fails, it returns an error response.
Get SAML Identity Provider by Id - GET /SamlIdentityProviders/{id} (v2.0 and up)
Get details of a specified SAML identity provider.
Notice
The ‘Manage Authentication Providers’ permission is required to execute this API.
Usage:
POST /SamlIdentityProviders and create a new SAML identity provider
GET /SamlIdentityProviders/{id} and get details of a specified SAML identity provider, or GET /SamlIdentityProviders and get details of all SAML identity providers
URL
/cxrestapi/auth/SamlIdentityProviders/{id}
Method:
GET
Media Type (header):
Authorization: Bearer <access token value>
Accept: application/json;v=1.0
Parameters
id=[integer] - SAML identity provider Id
Success Response:
Code: 201 Success
Error Response:
Code: 400 Bad Request
Code: 401 Unauthorized
Code: 403 Forbidden
Code: 404 Not Found
Sample Response:
{ "id": 0, "certificateFileName": "string", "certificateSubject": "string", "active": true, "name": "string", "issuer": "string", "loginUrl": "string", "logoutUrl": "string", "errorUrl": "string", "signAuthnRequest": true, "authnRequestBinding": "string", "isManualManagement": true, "defaultTeamId": 0, "defaultRoleId": 0 }
Notes:
Retrieves SAML identity provider details according to the SAML identity provider Id. If the request fails, it returns an error response.
Update a SAML Identity Provider - PUT /SamlIdentityProviders/{id} (v2.0 and up)
Update an existing SAML identity provider’s details according to SAML Identity Provider Id.
Notice
The ‘Manage Authentication Providers’ permission is required to execute this API.
Usage:
GET /SamlIdentityProviders and get details of all SAML identity providers
PUT /SamlIdentityProviders/{id} and update the SAML identity provider’s details
URL
/cxrestapi/auth/SamlIdentityProviders/{id}
Method:
PUT
Media Type (header):
Authorization: Bearer <access token value>
Content-Type: application/json;v=1.0
Parameters
id=[integer] - SAML identity provider Id
Content-type [multipart/form-data]: Specifies the SAML Identity Provider details
CertificateFile=[file] – Certificate file used to verify the SAML assertion
Active=[Boolean] - SAML identity provider state
Name=[string] - SAML identity provider display name
Issuer=[string] - Issuer of the SAML assertion
LoginUrl=[string] - SAML identity provider single sign-on URL
LogoutUrl=[string] - Redirect URL when logging-out
ErrorUrl=[string] - Redirect URL on error
SignAuthnRequest=[Boolean] – Whether the service provider should sign authentication requests to this identity provider (true/false)
AuthnRequestBinding=[string] – Authentication request binding (HTTP-Redirect or HTTP-Post)
IsManualManagement=[Boolean] – Whether role and group management is done manually (default) or controlled via the SAML assertion (not manual)
DefaultTeamId=[integer] - Default team Id
DefaultRoleId=[ineger] - Default role Id
Success Response:
Code: 204 Success
Error Response:
Code: 400 Bad Request
Code: 401 Unauthorized
Code: 403 Forbidden
Code: 404 Not Found
Sample Response:
no content
Notes:
Updates the SAML identity provider details according to SAML identity provider Id. Once the request is successful, it does not return any content. If the request fails, it returns an error response.
Delete a SAML Identity Provider - DELETE /SamlIdentityProviders/{id} (v2.0 and up)
Delete a specific SAML identity provider with all related details according to SAML Identity Providers Id. Note that this action permanently deletes all related users.
Notice
The ‘Manage Authentication Providers’ permission is required to execute this API.
Usage:
GET /SamlIdentityProviders and get details of all SAML identity providers
DELETE /SamlIdentityProviders/{id} and delete the SAML identity provider’s details
URL
/cxrestapi/auth/SamlIdentityProviders/{id}
Method:
DELETE
Media Type (header):
Authorization: Bearer <access token value>
Content-Type: application/json;v=1.0
Parameters
id=[integer] - SAML identity provider Id
Success Response:
Code: 204 Success
Error Response:
Code: 400 Bad Request
Code: 401 Unauthorized
Code: 403 Forbidden
Code: 404 Not Found
Sample Response:
no content
Notes:
Deletes the SAML identity provider details according to SAML identity provider Id. Once the request is successful, it does not return any content. If the request fails, it returns an error response.