{"restSchemaVersion":"1.0","errors":[{"error_id":"INTERNAL_ERROR","description":"Internal server error.","http_status":"500"},{"error_id":"AUTH_REQUIRED","description":"The requested resource requires authentication.","http_status":"401"},{"error_id":"AUTH_INVALID_CREDENTIALS","description":"Invalid username and\/or password.","http_status":"401"},{"error_id":"AUTH_INVALID_SESSION","description":"Session ID is invalid.","http_status":"401"},{"error_id":"AUTH_EXPIRED_PASSWORD","description":"The password must be changed. Access only to password change resources.","http_status":"403"},{"error_id":"AUTH_DISABLED_ACCOUNT","description":"Account is either temporarily or permanently disabled.","http_status":"403"},{"error_id":"AUTH_FORBIDDEN","description":"User is not authorized to access the requested resource.","http_status":"403"},{"error_id":"AUTH_INVALID_TOKEN","description":"OAuth access token is invalid.","http_status":"401"},{"error_id":"AUTH_EXPIRED_TOKEN","description":"OAuth access token is expired.","http_status":"401"},{"error_id":"AUTH_INVALID_CODE","description":"OAuth access code is invalid.","http_status":"401"},{"error_id":"AUTH_EXPIRED_CODE","description":"OAuth access code is expired.","http_status":"401"},{"error_id":"RESOURCE_NOT_FOUND","description":"Requested resource was not found.","http_status":"404"},{"error_id":"HTTP_INVALID_METHOD","description":"Requested method is not available for this resource.","http_status":"405"},{"error_id":"HTTP_INVALID_HEADER","description":"An HTTP header was malformed.","http_status":"400"},{"error_id":"REQUEST_INVALID_INPUT","description":"Malformed input structure.","http_status":"400"},{"error_id":"URI_INVALID_PARAMETER","description":"URI parameter is not supported or malformed.","http_status":"400"},{"error_id":"URI_MISSING_PARAMETER","description":"Missing required parameter.","http_status":"400"}],"name":"cascade.saml","title":"SAML REST 
API.","version":"1.0","schemas":[],"defaultAuthorization":"required","servicePath":"\/api\/cascade.saml\/1.0","resources":{"Auth_Mappings":{"methods":{"Delete an auth mapping":{"description":"Manage a single SAML attribute auth mapping.","httpmethod":"DELETE","authorization_methods":["BASIC","COOKIE","OAUTH_2_0"],"path":"auth_mappings\/{mapping_id}","authorization":"required"},"Add a new auth mapping":{"description":"Mappings for SAML attributes to system roles and permissions.","request":{"properties":{"attr_key":{"description":"SAML attribute key name.","required":true,"type":"string"},"attr_value":{"description":"SAML attribute value to match.","required":true,"type":"string"},"user_role_map_id":{"description":"ID of the mapping.","required":false,"type":"number"},"user_role_id":{"description":"System role to grant (Profiler-only: event_viewer, dashboard_viewer, restricted, identity_enabled, traffic_filter).","required":true,"type":"string","enum":["administrator","operator","monitor","event_viewer","dashboard_viewer","restricted","identity_enabled","traffic_filter","auto_resolution","edit_dashboards"]}},"description":"Object representing a single SAML attribute mapping.","type":"object","id":"SamlAuthMapping","example":{"user_role_id":"administrator","attr_key":"memberOf","attr_value":"administrators"}},"response":{"properties":{"attr_key":{"description":"SAML attribute key name.","required":true,"type":"string"},"attr_value":{"description":"SAML attribute value to match.","required":true,"type":"string"},"user_role_map_id":{"description":"ID of the mapping.","required":false,"type":"number"},"user_role_id":{"description":"System role to grant (Profiler-only: event_viewer, dashboard_viewer, restricted, identity_enabled, traffic_filter).","required":true,"type":"string","enum":["administrator","operator","monitor","event_viewer","dashboard_viewer","restricted","identity_enabled","traffic_filter","auto_resolution","edit_dashboards"]}},"description":"Object 
representing a single SAML attribute mapping.","type":"object","id":"SamlAuthMapping","example":{"user_role_id":"administrator","attr_key":"memberOf","attr_value":"administrators"}},"httpmethod":"POST","formats":["xml","json"],"authorization_methods":["BASIC","COOKIE","OAUTH_2_0"],"path":"auth_mappings","authorization":"required"},"Get an auth mapping":{"description":"Manage a single SAML attribute auth mapping.","response":{"properties":{"attr_key":{"description":"SAML attribute key name.","required":true,"type":"string"},"attr_value":{"description":"SAML attribute value to match.","required":true,"type":"string"},"user_role_map_id":{"description":"ID of the mapping.","required":false,"type":"number"},"user_role_id":{"description":"System role to grant (Profiler-only: event_viewer, dashboard_viewer, restricted, identity_enabled, traffic_filter).","required":true,"type":"string","enum":["administrator","operator","monitor","event_viewer","dashboard_viewer","restricted","identity_enabled","traffic_filter","auto_resolution","edit_dashboards"]}},"description":"Object representing a single SAML attribute mapping.","type":"object","id":"SamlAuthMapping","example":{"user_role_id":"administrator","attr_key":"memberOf","attr_value":"administrators"}},"httpmethod":"GET","formats":["xml","json"],"authorization_methods":["BASIC","COOKIE","OAUTH_2_0"],"path":"auth_mappings\/{mapping_id}","authorization":"required"},"Add new auth mappings":{"description":"Create multiple auth mappings.","request":{"description":"List of mappings from SAML attributes to system roles.","items":{"properties":{"attr_key":{"description":"SAML attribute key name.","required":true,"type":"string"},"attr_value":{"description":"SAML attribute value to match.","required":true,"type":"string"},"user_role_map_id":{"description":"ID of the mapping.","required":false,"type":"number"},"user_role_id":{"description":"System role to grant (Profiler-only: event_viewer, dashboard_viewer, restricted, 
identity_enabled, traffic_filter).","required":true,"type":"string","enum":["administrator","operator","monitor","event_viewer","dashboard_viewer","restricted","identity_enabled","traffic_filter","auto_resolution","edit_dashboards"]}},"description":"Individual SAML attribute mapping.","required":false,"type":"object","id":"SamlAuthMapping"},"type":"array","id":"SamlAuthMappings","example":[{"user_role_id":"administrator","attr_key":"memberOf","attr_value":"administrators"},{"user_role_id":"operator","attr_key":"memberOf","attr_value":"operators"}]},"httpmethod":"POST","authorization_methods":["BASIC","COOKIE","OAUTH_2_0"],"path":"auth_mappings\/bulk_create","authorization":"required"},"Update an auth mapping":{"description":"Manage a single SAML attribute auth mapping.","request":{"properties":{"attr_key":{"description":"SAML attribute key name.","required":true,"type":"string"},"attr_value":{"description":"SAML attribute value to match.","required":true,"type":"string"},"user_role_map_id":{"description":"ID of the mapping.","required":false,"type":"number"},"user_role_id":{"description":"System role to grant (Profiler-only: event_viewer, dashboard_viewer, restricted, identity_enabled, traffic_filter).","required":true,"type":"string","enum":["administrator","operator","monitor","event_viewer","dashboard_viewer","restricted","identity_enabled","traffic_filter","auto_resolution","edit_dashboards"]}},"description":"Object representing a single SAML attribute mapping.","type":"object","id":"SamlAuthMapping","example":{"user_role_id":"administrator","attr_key":"memberOf","attr_value":"administrators"}},"httpmethod":"PUT","authorization_methods":["BASIC","COOKIE","OAUTH_2_0"],"path":"auth_mappings\/{mapping_id}","authorization":"required"},"List auth mappings":{"description":"Mappings for SAML attributes to system roles and permissions.","response":{"description":"List of mappings from SAML attributes to system 
roles.","items":{"properties":{"attr_key":{"description":"SAML attribute key name.","required":true,"type":"string"},"attr_value":{"description":"SAML attribute value to match.","required":true,"type":"string"},"user_role_map_id":{"description":"ID of the mapping.","required":false,"type":"number"},"user_role_id":{"description":"System role to grant (Profiler-only: event_viewer, dashboard_viewer, restricted, identity_enabled, traffic_filter).","required":true,"type":"string","enum":["administrator","operator","monitor","event_viewer","dashboard_viewer","restricted","identity_enabled","traffic_filter","auto_resolution","edit_dashboards"]}},"description":"Individual SAML attribute mapping.","required":false,"type":"object","id":"SamlAuthMapping"},"type":"array","id":"SamlAuthMappings","example":[{"user_role_id":"administrator","attr_key":"memberOf","attr_value":"administrators"},{"user_role_id":"operator","attr_key":"memberOf","attr_value":"operators"}]},"httpmethod":"GET","formats":["xml","json"],"authorization_methods":["BASIC","COOKIE","OAUTH_2_0"],"path":"auth_mappings","authorization":"required"}}},"Settings":{"methods":{"Apply settings":{"description":"System settings for SAML authentication.","request":{"properties":{"enabled":{"description":"SAML currently enabled.","required":true,"type":"string"},"sign_auth_requests":{"description":"Flag indicating that SAML requests must be signed.","required":false,"type":"string"},"fqdn":{"description":"Fully qualified domain name of this device. 
The IdP server will redirect all users to this domain name.","required":false,"type":"string"},"idp_metadata":{"description":"XML metadata for identity provider.","required":false,"type":"string"},"nameid_attr":{"description":"Attribute to map to NetProfiler username (blank to use IdP-provided value from metadata).","required":false,"type":"string"},"want_assertions_signed":{"description":"Flag indicating that SAML assertions must be signed.","required":false,"type":"string"},"allow_local_login":{"description":"Flag to allow local login authentication via the special URL \/local_login.php when SAML is enabled. It allows recovery from bad SAML settings.","required":false,"type":"string"}},"description":"System settings for SAML authentication.","type":"object","id":"SamlSettings","example":{"sign_auth_requests":true,"enabled":true,"fqdn":"","nameid_attr":"NameID","idp_metadata":" aaaaaaa<\/ds:X509Certificate> <\/ds:X509Data> <\/ds:KeyInfo> <\/md:KeyDescriptor> aaaaa<\/ds:X509Certificate> <\/ds:X509Data> <\/ds:KeyInfo> <\/md:KeyDescriptor> urn:oasis:names:tc:SAML:2.0:nameid-format:transient<\/md:NameIDFormat> <\/md:IDPSSODescriptor><\/md:EntityDescriptor>","want_assertions_signed":true,"allow_local_login":true}},"response":{"properties":{"enabled":{"description":"SAML currently enabled.","required":true,"type":"string"},"sign_auth_requests":{"description":"Flag indicating that SAML requests must be signed.","required":false,"type":"string"},"fqdn":{"description":"Fully qualified domain name of this device. 
The IdP server will redirect all users to this domain name.","required":false,"type":"string"},"idp_metadata":{"description":"XML metadata for identity provider.","required":false,"type":"string"},"nameid_attr":{"description":"Attribute to map to NetProfiler username (blank to use IdP-provided value from metadata).","required":false,"type":"string"},"want_assertions_signed":{"description":"Flag indicating that SAML assertions must be signed.","required":false,"type":"string"},"allow_local_login":{"description":"Flag to allow local login authentication via the special URL \/local_login.php when SAML is enabled. It allows recovery from bad SAML settings.","required":false,"type":"string"}},"description":"System settings for SAML authentication.","type":"object","id":"SamlSettings","example":{"sign_auth_requests":true,"enabled":true,"fqdn":"","nameid_attr":"NameID","idp_metadata":" aaaaaaa<\/ds:X509Certificate> <\/ds:X509Data> <\/ds:KeyInfo> <\/md:KeyDescriptor> aaaaa<\/ds:X509Certificate> <\/ds:X509Data> <\/ds:KeyInfo> <\/md:KeyDescriptor> urn:oasis:names:tc:SAML:2.0:nameid-format:transient<\/md:NameIDFormat> <\/md:IDPSSODescriptor><\/md:EntityDescriptor>","want_assertions_signed":true,"allow_local_login":true}},"httpmethod":"PUT","formats":["xml","json"],"authorization_methods":["BASIC","COOKIE","OAUTH_2_0"],"path":"settings","authorization":"required"},"Show current settings":{"description":"System settings for SAML authentication.","response":{"properties":{"enabled":{"description":"SAML currently enabled.","required":true,"type":"string"},"sign_auth_requests":{"description":"Flag indicating that SAML requests must be signed.","required":false,"type":"string"},"fqdn":{"description":"Fully qualified domain name of this device. 
The IdP server will redirect all users to this domain name.","required":false,"type":"string"},"idp_metadata":{"description":"XML metadata for identity provider.","required":false,"type":"string"},"nameid_attr":{"description":"Attribute to map to NetProfiler username (blank to use IdP-provided value from metadata).","required":false,"type":"string"},"want_assertions_signed":{"description":"Flag indicating that SAML assertions must be signed.","required":false,"type":"string"},"allow_local_login":{"description":"Flag to allow local login authentication via the special URL \/local_login.php when SAML is enabled. It allows recovery from bad SAML settings.","required":false,"type":"string"}},"description":"System settings for SAML authentication.","type":"object","id":"SamlSettings","example":{"sign_auth_requests":true,"enabled":true,"fqdn":"","nameid_attr":"NameID","idp_metadata":" aaaaaaa<\/ds:X509Certificate> <\/ds:X509Data> <\/ds:KeyInfo> <\/md:KeyDescriptor> aaaaa<\/ds:X509Certificate> <\/ds:X509Data> <\/ds:KeyInfo> <\/md:KeyDescriptor> urn:oasis:names:tc:SAML:2.0:nameid-format:transient<\/md:NameIDFormat> <\/md:IDPSSODescriptor><\/md:EntityDescriptor>","want_assertions_signed":true,"allow_local_login":true}},"httpmethod":"GET","formats":["xml","json"],"authorization_methods":["BASIC","COOKIE","OAUTH_2_0"],"path":"settings","authorization":"required"}}}},"description":""}