Access Control (REST) API - SAML Service Provider
This section includes REST APIs for working with Access Control SAML Service Provider tasks.
Get SAML Service Provider Metadata - GET /SamlServiceProvider/metadata (v2.0 and up)
Get metadata (XML) for the SAML service provider.
Notice
The ‘Manage Authentication Providers’ permission is required to execute this API.
Usage:
GET /SamlServiceProvider/metadata and get metadata for the SAML service provider
URL
/cxrestapi/auth/SamlServiceProvider/metadata
Method:
GET
Media Type (header):
Authorization: Bearer <access token value>
Accept: application/json;v=1.0
Parameters
None
Success Response:
Code: 200 Success
Error Response:
Code: 401 Unauthorized
Code: 403 Forbidden
Sample Response:
<md:EntityDescriptor entityID="http://localhost" ID="_59280630-ea4b-4dfe-bd46-5b253e729d6d" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor ID="_3703498e-2aac-42d4-bc39-c10c76ae0dbe" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="true">
    <md:KeyDescriptor>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIIDPzCCAiegAwIBAgIIdeTLjQSFpkgwDQYJKoZIhvcNAQENBQAwGTEXMBUGA1UEAwwOQWNjZXNzIENvbnRyb2wwHhcNMTkwMjIwMDk0NDM3WhcNMjkwMjIwMDk0NDM3WjAZMRcwFQYDVQQDDA5BY2Nlc3MgQ29udHJvbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIxUCW1lFd598hJdHhBuUGOjMokZT3zOfepKqL8tjSu7nG5ImQrRbBcDfToQoL5X9Ey08EOhq6hVp6TJOoL9ggN8oqMCiIGqeg+Djcz293t/sFOtxfXsMc+……………………….. ==</X509Certificate>
        </X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost/CxRestAPI/auth/identity/samlAcs" index="0" isDefault="true" />
    <md:AttributeConsumingService index="0" isDefault="true">
      <md:ServiceName xml:lang="en">auth</md:ServiceName>
      <md:RequestedAttribute Name="First_Name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="First Name" isRequired="true" />
      <md:RequestedAttribute Name="Last_Name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Last Name" isRequired="true" />
      <md:RequestedAttribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Email" isRequired="true" />
      <md:RequestedAttribute Name="Job" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Job Title" isRequired="false" />
      <md:RequestedAttribute Name="Phone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Phone Number" isRequired="false" />
      <md:RequestedAttribute Name="Cell_Phone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Cellular Phone Number" isRequired="false" />
      <md:RequestedAttribute Name="Language" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Language Culture Name" isRequired="false">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">es-ES</saml:AttributeValue>
      </md:RequestedAttribute>
      <md:RequestedAttribute Name="Team" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Team Full Path" isRequired="false">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">CxServer/Team1/Team2/Team3</saml:AttributeValue>
      </md:RequestedAttribute>
      <md:RequestedAttribute Name="Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="User Role Name" isRequired="false">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Admin</saml:AttributeValue>
      </md:RequestedAttribute>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
Notes:
Returns XML metadata for the SAML service provider.
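Added example (not part of the original API documentation): a Python check that parses metadata shaped like the sample response and reports three security-relevant settings: whether WantAssertionsSigned is true, whether a certificate is published, and whether the assertion consumer service URL uses HTTPS. The embedded metadata is constructed and trimmed, its certificate value is a placeholder, and the function name audit_sp_metadata is hypothetical; the parser is meant for metadata fetched from your own server, not for untrusted XML.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like the page's sample response; certificate is a placeholder.
SAMPLE = """<md:EntityDescriptor entityID="http://localhost"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
    </KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost/CxRestAPI/auth/identity/samlAcs" />
    <md:AttributeConsumingService index="0" isDefault="true">
      <md:RequestedAttribute Name="Email" isRequired="true" />
      <md:RequestedAttribute Name="Role" isRequired="false" />
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def audit_sp_metadata(xml_text):
    """Return (findings, required_attribute_names) for SP metadata XML."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element"], []
    findings = []
    # xs:boolean accepts "true" or "1"; the attribute defaults to false.
    if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
        findings.append("WantAssertionsSigned is not true")
    cert = sp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        findings.append("no X509Certificate published")
    for acs in sp.findall("md:AssertionConsumerService", NS):
        location = acs.get("Location", "")
        if urlsplit(location).scheme != "https":
            findings.append(f"ACS endpoint is not HTTPS: {location}")
    required = [a.get("Name") for a in sp.iterfind(".//md:RequestedAttribute", NS)
                if a.get("isRequired") in ("true", "1")]
    return findings, required


if __name__ == "__main__":
    print(audit_sp_metadata(SAMPLE))
```

Run against the constructed sample, the only finding is the plain-HTTP assertion consumer service URL, which matches the localhost value in the page's sample response.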
Get SAML Service Provider - GET /SamlServiceProvider (v2.0 and up)
Get details of the SAML service provider.
Notice
The ‘Manage Authentication Providers’ permission is required to execute this API.
Usage:
GET /SamlServiceProvider and get details of the SAML service provider
PUT /SamlServiceProvider and update the SAML service provider’s details
URL
/cxrestapi/auth/SamlServiceProvider
Method:
GET
Media Type (header):
Authorization: Bearer <access token value>
Accept: application/json;v=1.0
Parameters
None
Success Response:
Code: 200 Success
Error Response:
Code: 401 Unauthorized
Code: 403 Forbidden
Code: 404 Not found
Sample Response:
{
  "assertionConsumerServiceUrl": "http://localhost/CxRestAPI/auth/identity/samlAcs",
  "certificateFileName": "DefaultSamlServiceProvider.pfx",
  "certificateSubject": "CN=Access Control",
  "issuer": "http://localhost"
}
Notes:
Retrieves SAML service provider details. If the request fails, it returns an error response.
Update a SAML Service Provider - PUT /SamlServiceProvider (v2.0 and up)
Update the SAML service provider’s details.
Notice
The ‘Manage Authentication Providers’ permission is required to execute this API.
Usage:
GET /SamlServiceProvider and get details of the SAML service provider
PUT /SamlServiceProvider and update the SAML service provider’s details
URL
/cxrestapi/auth/SamlServiceProvider
Method:
PUT
Media Type (header):
Authorization: Bearer <access token value>
Content-Type: application/json;v=1.0
Parameters
Content-type [multipart/form-data]: Specifies the SAML Service Provider details
CertificateFile=[file] – Service provider certificate file
CertificatePassword=[string] – Service provider certificate password
Issuer=[string] – SAML authentication request issuer
Success Response:
Code: 204 Success
Error Response:
Code: 400 Returns error messages
Code: 401 Unauthorized
Code: 403 Forbidden
Sample Response:
No content
Notes:
Updates the SAML service provider details according to the defined parameters. Once the request is successful, it does not return any content. If the request fails, it returns an error response.