Create Identity Provider (SAML)
POST {{apiPath}}/environments/{{envID}}/identityProvidersThe sample shows the request with the type property set to SAML. In addition, this sample uses an expand filter in the request URL to show SAML attribute details.
The _embedded attribute in the response lists the SAML attribute mapping resources associated with the new identity provider resource. This particular identity provider has only the default mapping, in which the PingOne username attribute is mapped to the ${samlAssertion.subject} SAML attribute.
|
Request Model
SAML identity provider settings data model
| Property | Type | Required? |
|---|---|---|
|
Boolean |
Required |
|
String |
Required |
|
String |
Required |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Optional |
|
String |
Required |
|
String |
Required |
SAML core attributes
| Property | Description |
|---|---|
|
A string that specifies the core SAML attribute. The default value is |
Body
raw ( application/json )
{
"name": "SAMLIdP",
"description": "this is SAML IdP test",
"type": "SAML",
"enabled": false,
"spEntityId": "sp-{$timestamp}",
"idpEntityId": "idp-{$timestamp}",
"sloWindow": 23,
"sloResponseEndpoint": "https://slo.response.endpoint",
"sloBinding": "HTTP_POST",
"sloEndpoint": "https://slo.endpoint",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{certID}}"
}
]
},
"spSigning": {
"key": {
"id": "{{spSigningID}}"
}
"algorithm": "SHA256withECDSA"
}
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/identityProviders' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"name": "SAMLIdP",
"description": "this is SAML IdP test",
"type": "SAML",
"enabled": false,
"spEntityId": "sp-{$timestamp}",
"idpEntityId": "idp-{$timestamp}",
"sloWindow": 23,
"sloResponseEndpoint": "https://slo.response.endpoint",
"sloBinding": "HTTP_POST",
"sloEndpoint": "https://slo.endpoint",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{certID}}"
}
]
},
"spSigning": {
"key": {
"id": "{{spSigningID}}"
}
"algorithm": "SHA256withECDSA"
}
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/identityProviders")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""name"": ""SAMLIdP""," + "\n" +
@" ""description"": ""this is SAML IdP test""," + "\n" +
@" ""type"": ""SAML""," + "\n" +
@" ""enabled"": false," + "\n" +
@" ""spEntityId"": ""sp-{$timestamp}""," + "\n" +
@" ""idpEntityId"": ""idp-{$timestamp}""," + "\n" +
@" ""sloWindow"": 23," + "\n" +
@" ""sloResponseEndpoint"": ""https://slo.response.endpoint""," + "\n" +
@" ""sloBinding"": ""HTTP_POST""," + "\n" +
@" ""sloEndpoint"": ""https://slo.endpoint""," + "\n" +
@" ""ssoBinding"": ""HTTP_POST""," + "\n" +
@" ""ssoEndpoint"": ""https://idp.com/sso""," + "\n" +
@" ""authnRequestSigned"": ""false""," + "\n" +
@" ""idpVerification"": {" + "\n" +
@" ""certificates"": [" + "\n" +
@" {" + "\n" +
@" ""id"": ""{{certID}}""" + "\n" +
@" }" + "\n" +
@" ]" + "\n" +
@" }," + "\n" +
@" ""spSigning"": {" + "\n" +
@" ""key"": {" + "\n" +
@" ""id"": ""{{spSigningID}}""" + "\n" +
@" }" + "\n" +
@" ""algorithm"": ""SHA256withECDSA""" + "\n" +
@" }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/identityProviders"
method := "POST"
payload := strings.NewReader(`{
"name": "SAMLIdP",
"description": "this is SAML IdP test",
"type": "SAML",
"enabled": false,
"spEntityId": "sp-{$timestamp}",
"idpEntityId": "idp-{$timestamp}",
"sloWindow": 23,
"sloResponseEndpoint": "https://slo.response.endpoint",
"sloBinding": "HTTP_POST",
"sloEndpoint": "https://slo.endpoint",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{certID}}"
}
]
},
"spSigning": {
"key": {
"id": "{{spSigningID}}"
}
"algorithm": "SHA256withECDSA"
}
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/identityProviders HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"name": "SAMLIdP",
"description": "this is SAML IdP test",
"type": "SAML",
"enabled": false,
"spEntityId": "sp-{$timestamp}",
"idpEntityId": "idp-{$timestamp}",
"sloWindow": 23,
"sloResponseEndpoint": "https://slo.response.endpoint",
"sloBinding": "HTTP_POST",
"sloEndpoint": "https://slo.endpoint",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{certID}}"
}
]
},
"spSigning": {
"key": {
"id": "{{spSigningID}}"
}
"algorithm": "SHA256withECDSA"
}
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{$timestamp}\",\n \"idpEntityId\": \"idp-{$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/identityProviders")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/identityProviders",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{$timestamp}\",\n \"idpEntityId\": \"idp-{$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}",
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/identityProviders',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: '{\n "name": "SAMLIdP",\n "description": "this is SAML IdP test",\n "type": "SAML",\n "enabled": false,\n "spEntityId": "sp-{$timestamp}",\n "idpEntityId": "idp-{$timestamp}",\n "sloWindow": 23,\n "sloResponseEndpoint": "https://slo.response.endpoint",\n "sloBinding": "HTTP_POST",\n "sloEndpoint": "https://slo.endpoint",\n "ssoBinding": "HTTP_POST",\n "ssoEndpoint": "https://idp.com/sso",\n "authnRequestSigned": "false",\n "idpVerification": {\n "certificates": [\n {\n "id": "{{certID}}"\n }\n ]\n },\n "spSigning": {\n "key": {\n "id": "{{spSigningID}}"\n }\n "algorithm": "SHA256withECDSA"\n }\n}'
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/identityProviders"
payload = "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{$timestamp}\",\n \"idpEntityId\": \"idp-{$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}"
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/identityProviders');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "name": "SAMLIdP",\n "description": "this is SAML IdP test",\n "type": "SAML",\n "enabled": false,\n "spEntityId": "sp-{$timestamp}",\n "idpEntityId": "idp-{$timestamp}",\n "sloWindow": 23,\n "sloResponseEndpoint": "https://slo.response.endpoint",\n "sloBinding": "HTTP_POST",\n "sloEndpoint": "https://slo.endpoint",\n "ssoBinding": "HTTP_POST",\n "ssoEndpoint": "https://idp.com/sso",\n "authnRequestSigned": "false",\n "idpVerification": {\n "certificates": [\n {\n "id": "{{certID}}"\n }\n ]\n },\n "spSigning": {\n "key": {\n "id": "{{spSigningID}}"\n }\n "algorithm": "SHA256withECDSA"\n }\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/identityProviders")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{\\$timestamp}\",\n \"idpEntityId\": \"idp-{\\$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}"
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"name\": \"SAMLIdP\",\n \"description\": \"this is SAML IdP test\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"sp-{$timestamp}\",\n \"idpEntityId\": \"idp-{$timestamp}\",\n \"sloWindow\": 23,\n \"sloResponseEndpoint\": \"https://slo.response.endpoint\",\n \"sloBinding\": \"HTTP_POST\",\n \"sloEndpoint\": \"https://slo.endpoint\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{certID}}\"\n }\n ]\n },\n \"spSigning\": {\n \"key\": {\n \"id\": \"{{spSigningID}}\"\n }\n \"algorithm\": \"SHA256withECDSA\"\n }\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/identityProviders")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/a9e4e181-f520-4e6e-af30-d3559781ad1b"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/a9e4e181-f520-4e6e-af30-d3559781ad1b/attributes"
}
},
"id": "a9e4e181-f520-4e6e-af30-d3559781ad1b",
"type": "SAML",
"name": "SAMLIdP",
"description": "this is SAML IdP test",
"enabled": false,
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"createdAt": "2019-06-17T17:20:12.294Z",
"updatedAt": "2019-06-17T17:20:12.294Z",
"_embedded": {
"attributes": [
{
"name": "username",
"value": "${samlAssertion.subject}",
"update": "EMPTY_ONLY",
"id": "51a036c6-41ed-44f7-bd1d-eacaa2a1feab",
"mappingType": "CORE",
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"identityProvider": {
"id": "a9e4e181-f520-4e6e-af30-d3559781ad1b"
},
"createdAt": "2019-06-17T17:20:12.294Z",
"updatedAt": "2019-06-17T17:20:12.294Z"
}
]
},
"authnRequestSigned": false,
"sloWindow": 23,
"sloResponseEndpoint": "https://slo.response.endpoint",
"sloBinding": "HTTP_POST",
"sloEndpoint": "https://slo.endpoint",
"ssoEndpoint": "https://idp.com/sso",
"ssoBinding": "HTTP_POST",
"idpVerification": {
"certificates": [
{
"id": "123f67f8-c56c-4903-9c9b-c4b162e22789"
}
]
},
"spEntityId": "sp-1560792011",
"spSigning": {
"key": {
"id": "11052663-a0c5-4788-8624-c88ee1aa26be"
},
"algorithm": "SHA256withECDSA"
},
"idpEntityId": "idp-1560792011"
}