SAML Configuration v1.0

Resource: saml_settings

SAML configuration

http://{device}/api/npm.saml/1.0/settings

JSON

{
  "enabled": boolean,
  "fqdn": string,
  "idp_metadata": string,
  "require_signed_assertions": boolean,
  "roles_attr": string,
  "sign_auth_requests": boolean,
  "username_attr": string
}

{
  "enabled": boolean,
  "fqdn": string,
  "idp_metadata": string,
  "require_signed_assertions": boolean,
  "roles_attr": string,
  "sign_auth_requests": boolean,
  "username_attr": string
}

Property Name	Type	Description	Notes
saml_settings	<object>	SAML configuration	Required properties: [enabled, idp_metadata, fqdn, username_attr, roles_attr, sign_auth_requests, require_signed_assertions];
saml_settings.enabled	<boolean>	Whether SAML logins are enabled
saml_settings.fqdn	<string>	Override the detected fully-qualified domain name of this SP
saml_settings.idp_metadata	<string>	XML metadata of the Identity Provider
saml_settings.require_signed_assertions	<boolean>	Whether assertions from the IdP must be signed
saml_settings.roles_attr	<string>	SAML attribute containing the user's roles
saml_settings.sign_auth_requests	<boolean>	Whether requests from the SP should be signed
saml_settings.username_attr	<string>	SAML attribute containing the username. Leave blank to use SAML NameID.

Links

saml_settings: get

GET http://{device}/api/npm.saml/1.0/settings

Response Body

Returns a saml_settings data object.

saml_settings: set

PUT http://{device}/api/npm.saml/1.0/settings

Request Body

Provide a saml_settings data object.

Response Body

Returns a saml_settings data object.

Resource: sp_certificate

The SSL certificate used to sign SP requests to the IdP

http://{device}/api/npm.saml/1.0/sp_certificate

JSON

{
  "expires_at": integer,
  "fingerprint": {
    "algorithm": string,
    "value": string
  },
  "issuer": distinguished_name,
  "key": {
    "algorithm": string,
    "size": integer
  },
  "pem": string,
  "subject": distinguished_name,
  "valid_at": integer
}

{
  "expires_at": integer,
  "fingerprint": {
    "algorithm": string,
    "value": string
  },
  "issuer": distinguished_name,
  "key": {
    "algorithm": string,
    "size": integer
  },
  "pem": string,
  "subject": distinguished_name,
  "valid_at": integer
}

Property Name	Type	Description	Notes
sp_certificate	<object>	The SSL certificate used to sign SP requests to the IdP	Required properties: [issuer, subject, valid_at, expires_at, fingerprint, key, pem];
sp_certificate.expires_at	<integer>	Time at which the certificate expires, in Unix epoch seconds
sp_certificate.fingerprint	<object>	Certificate fingerprint information	Required properties: [algorithm, value];
sp_certificate.fingerprint.algorithm	<string>	The algorithm used to calculate the fingerprint
sp_certificate.fingerprint.value	<string>	Fingerprint value
sp_certificate.issuer	<distinguished_name>	Distinguished name information
sp_certificate.key	<object>	Certificate key information	Required properties: [algorithm, size];
sp_certificate.key.algorithm	<string>	The algorithm used to generate the key
sp_certificate.key.size	<integer>	The size (number of bits) of the key
sp_certificate.pem	<string>	The certificate, in PEM format
sp_certificate.subject	<distinguished_name>	Distinguished name information
sp_certificate.valid_at	<integer>	Time at which the certificate becomes valid, in Unix epoch seconds

Links

sp_certificate: generate

Generate a new self-signed certificate and private key. This replaces the current certificate.

POST http://{device}/api/npm.saml/1.0/sp_certificate/generate

Request Body

Provide a distinguished_name data object.

Response Body

Returns a sp_certificate data object.

sp_certificate: get

GET http://{device}/api/npm.saml/1.0/sp_certificate

Response Body

Returns a sp_certificate data object.

sp_certificate: import

Import a new certificate and private key

POST http://{device}/api/npm.saml/1.0/sp_certificate/import

Request Body

Provide a request body with the following structure:

JSON

{
  "passphrase": string,
  "pem": any
}

{
  "passphrase": string,
  "pem": any
}

Property Name	Type	Description	Notes
sp_certificate.links.import.request	<object>	Import request format	Required properties: [pem];
sp_certificate.links.import.request. passphrase	<string>	Optional passphrase to decrypt private key	Optional;
sp_certificate.links.import.request.pem	<any>	Certificate and private key to import, in PEM format

Response Body

Returns a sp_certificate data object.

Type: distinguished_name

Distinguished name information

JSON

{
  "common_name": string,
  "country": string,
  "email": string,
  "locality": string,
  "organization": string,
  "organizational_unit": string,
  "state": string
}

{
  "common_name": string,
  "country": string,
  "email": string,
  "locality": string,
  "organization": string,
  "organizational_unit": string,
  "state": string
}

Property Name	Type	Description	Notes
distinguished_name	<object>	Distinguished name information
distinguished_name.common_name	<string>	Common name (CN)	Optional;
distinguished_name.country	<string>	Country code (C)	Optional;
distinguished_name.email	<string>	Email address	Optional;
distinguished_name.locality	<string>	Locality (L)	Optional;
distinguished_name.organization	<string>	Organization name (O)	Optional;
distinguished_name.organizational_unit	<string>	Organization unit name (OU)	Optional;
distinguished_name.state	<string>	State or province name (ST)	Optional;