Skip to main content

sources_saml_create

POST 

/sources/saml/

SAMLSource Viewset

Request

Body

required

    name stringrequired

    Possible values: non-empty

    Source's display Name.

    slug stringrequired

    Possible values: non-empty and <= 50 characters, Value must match regular expression ^[-a-zA-Z0-9_]+$

    Internal source name, used in URLs.

    enabled boolean
    authentication_flow uuidnullable

    Flow to use when authenticating existing users.

    enrollment_flow uuidnullable

    Flow to use when enrolling new users.

    user_property_mappings uuid[]
    group_property_mappings uuid[]
    policy_engine_mode PolicyEngineMode (string)

    Possible values: [all, any]

    user_matching_mode UserMatchingModeEnum (string)

    Possible values: [identifier, email_link, email_deny, username_link, username_deny]

    user_path_template string

    Possible values: non-empty

    group_matching_mode GroupMatchingModeEnum (string)

    Possible values: [identifier, name_link, name_deny]

    pre_authentication_flow uuidrequired

    Flow used before authentication.

    issuer string

    Also known as Entity ID. Defaults the Metadata URL.

    sso_url urirequired

    Possible values: non-empty and <= 200 characters

    URL that the initial Login request is sent to.

    slo_url urinullable

    Possible values: <= 200 characters

    Optional URL if your IDP supports Single-Logout.

    allow_idp_initiated boolean

    Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.

    name_id_policy NameIdPolicyEnum (string)

    Possible values: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:transient]

    binding_type BindingTypeEnum (string)

    Possible values: [REDIRECT, POST, POST_AUTO]

    verification_kp uuidnullable

    When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

    signing_kp uuidnullable

    Keypair used to sign outgoing Responses going to the Identity Provider.

    digest_algorithm DigestAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512]

    signature_algorithm SignatureAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512, http://www.w3.org/2000/09/xmldsig#dsa-sha1]

    temporary_user_delete_after Delete temporary users after (string)

    Possible values: non-empty

    Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

    encryption_kp uuidnullable

    When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.

Responses

Schema

    pk uuidrequired
    name stringrequired

    Source's display Name.

    slug stringrequired

    Possible values: <= 50 characters, Value must match regular expression ^[-a-zA-Z0-9_]+$

    Internal source name, used in URLs.

    enabled boolean
    authentication_flow uuidnullable

    Flow to use when authenticating existing users.

    enrollment_flow uuidnullable

    Flow to use when enrolling new users.

    user_property_mappings uuid[]
    group_property_mappings uuid[]
    component stringrequired

    Get object component so that we know how to edit the object

    verbose_name stringrequired

    Return object's verbose_name

    verbose_name_plural stringrequired

    Return object's plural verbose_name

    meta_model_name stringrequired

    Return internal model name

    policy_engine_mode PolicyEngineMode (string)

    Possible values: [all, any]

    user_matching_mode UserMatchingModeEnum (string)

    Possible values: [identifier, email_link, email_deny, username_link, username_deny]

    managed Managed by authentik (string)nullablerequired

    Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

    user_path_template string
    icon stringrequired
    group_matching_mode GroupMatchingModeEnum (string)

    Possible values: [identifier, name_link, name_deny]

    pre_authentication_flow uuidrequired

    Flow used before authentication.

    issuer string

    Also known as Entity ID. Defaults the Metadata URL.

    sso_url urirequired

    Possible values: <= 200 characters

    URL that the initial Login request is sent to.

    slo_url urinullable

    Possible values: <= 200 characters

    Optional URL if your IDP supports Single-Logout.

    allow_idp_initiated boolean

    Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.

    name_id_policy NameIdPolicyEnum (string)

    Possible values: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:transient]

    binding_type BindingTypeEnum (string)

    Possible values: [REDIRECT, POST, POST_AUTO]

    verification_kp uuidnullable

    When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

    signing_kp uuidnullable

    Keypair used to sign outgoing Responses going to the Identity Provider.

    digest_algorithm DigestAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512]

    signature_algorithm SignatureAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512, http://www.w3.org/2000/09/xmldsig#dsa-sha1]

    temporary_user_delete_after Delete temporary users after (string)

    Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

    encryption_kp uuidnullable

    When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.

Loading...