SAML Configuration v1.0
Created Dec 18, 2020 at 07:09 PM

Resource: saml_settings

SAML configuration

  • JSON
  • {
      "enabled": boolean,
      "fqdn": string,
      "idp_metadata": string,
      "require_signed_assertions": boolean,
      "roles_attr": string,
      "sign_auth_requests": boolean,
      "username_attr": string
    Property Name Type Description Notes
    saml_settings <object> SAML configuration Required properties: [enabled, idp_metadata, fqdn, username_attr, roles_attr, sign_auth_requests, require_signed_assertions];
    saml_settings.enabled <boolean> Whether SAML logins are enabled
    saml_settings.fqdn <string> Override the detected fully-qualified domain name of this SP
    saml_settings.idp_metadata <string> XML metadata of the Identity Provider
    saml_settings.require_signed_assertions <boolean> Whether assertions from the IdP must be signed
    saml_settings.roles_attr <string> SAML attribute containing the user's roles
    saml_settings.sign_auth_requests <boolean> Whether requests from the SP should be signed
    saml_settings.username_attr <string> SAML attribute containing the username. Leave blank to use SAML NameID.

    Resource: sp_certificate

    The SSL certificate used to sign SP requests to the IdP

  • JSON
  • {
      "expires_at": integer,
      "fingerprint": {
        "algorithm": string,
        "value": string
      "issuer": distinguished_name,
      "key": {
        "algorithm": string,
        "size": integer
      "pem": string,
      "subject": distinguished_name,
      "valid_at": integer
    Property Name Type Description Notes
    sp_certificate <object> The SSL certificate used to sign SP requests to the IdP Required properties: [issuer, subject, valid_at, expires_at, fingerprint, key, pem];
    sp_certificate.expires_at <integer> Time at which the certificate expires, in Unix epoch seconds
    sp_certificate.fingerprint <object> Certificate fingerprint information Required properties: [algorithm, value];
    sp_certificate.fingerprint.algorithm <string> The algorithm used to calculate the fingerprint
    sp_certificate.fingerprint.value <string> Fingerprint value
    sp_certificate.issuer <distinguished_name> Distinguished name information
    sp_certificate.key <object> Certificate key information Required properties: [algorithm, size];
    sp_certificate.key.algorithm <string> The algorithm used to generate the key
    sp_certificate.key.size <integer> The size (number of bits) of the key
    sp_certificate.pem <string> The certificate, in PEM format
    sp_certificate.subject <distinguished_name> Distinguished name information
    sp_certificate.valid_at <integer> Time at which the certificate becomes valid, in Unix epoch seconds

    Type: distinguished_name

    Distinguished name information

  • JSON
  • {
      "common_name": string,
      "country": string,
      "email": string,
      "locality": string,
      "organization": string,
      "organizational_unit": string,
      "state": string
    Property Name Type Description Notes
    distinguished_name <object> Distinguished name information
    distinguished_name.common_name <string> Common name (CN) Optional; <string> Country code (C) Optional; <string> Email address Optional;
    distinguished_name.locality <string> Locality (L) Optional;
    distinguished_name.organization <string> Organization name (O) Optional;
    distinguished_name.organizational_unit <string> Organization unit name (OU) Optional;
    distinguished_name.state <string> State or province name (ST) Optional;