Step 2: Create the new identity provider resource
POST {{apiPath}}/environments/{{envID}}/identityProvidersYou can use the POST {{apiPath}}/environments/{{envID}}/identityProviders endpoint to create the SAML identity provider configuration. This request automatically creates the core attribute mapping to associate the PingOne username attribute with the SAML samlAssertion.subject attribute. To verify the mapping, you can use the ?expand=attributes query filter to show the core attribute mapping details in the POST response.
In the request, the name property for the new identity provider is required and must be unique within the environment. The enabled property is required and should be set to true, and the type property is required and must specify SAML as the identity provider type.
The idpVerification.certificates[].id is required. This is the UUID of the verification certificate that you uploaded in Step 1a. The spSigning.key.id property value is the UUID of the signing key that you uploaded in Step 1b.
The response shows the configuration data for the new identity provider.
|
The response also includes an |
Body
raw ( application/json )
{
"name": "SAMLIdP",
"description": "My SAML IdP",
"type": "SAML",
"enabled": false,
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{samlIdpVerificationCertID}}"
}
]
},
"#spSigning": {
"key": {
"id": "{{samlIdpSigningKeyID}}"
}
}
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/identityProviders' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"name": "SAMLIdP",
"description": "My SAML IdP",
"type": "SAML",
"enabled": false,
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{samlIdpVerificationCertID}}"
}
]
},
"#spSigning": {
"key": {
"id": "{{samlIdpSigningKeyID}}"
}
}
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/identityProviders")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""name"": ""SAMLIdP""," + "\n" +
@" ""description"": ""My SAML IdP""," + "\n" +
@" ""type"": ""SAML""," + "\n" +
@" ""enabled"": false," + "\n" +
@" ""spEntityId"": ""https://www.example.com""," + "\n" +
@" ""idpEntityId"": ""https://www.example.com""," + "\n" +
@" ""ssoBinding"": ""HTTP_POST""," + "\n" +
@" ""ssoEndpoint"": ""https://idp.com/sso""," + "\n" +
@" ""authnRequestSigned"": ""false""," + "\n" +
@" ""idpVerification"": {" + "\n" +
@" ""certificates"": [" + "\n" +
@" {" + "\n" +
@" ""id"": ""{{samlIdpVerificationCertID}}""" + "\n" +
@" }" + "\n" +
@" ]" + "\n" +
@" }," + "\n" +
@" ""#spSigning"": {" + "\n" +
@" ""key"": {" + "\n" +
@" ""id"": ""{{samlIdpSigningKeyID}}""" + "\n" +
@" }" + "\n" +
@" }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/identityProviders"
method := "POST"
payload := strings.NewReader(`{
"name": "SAMLIdP",
"description": "My SAML IdP",
"type": "SAML",
"enabled": false,
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{samlIdpVerificationCertID}}"
}
]
},
"#spSigning": {
"key": {
"id": "{{samlIdpSigningKeyID}}"
}
}
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/identityProviders HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"name": "SAMLIdP",
"description": "My SAML IdP",
"type": "SAML",
"enabled": false,
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{samlIdpVerificationCertID}}"
}
]
},
"#spSigning": {
"key": {
"id": "{{samlIdpSigningKeyID}}"
}
}
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"SAMLIdP\",\n \"description\": \"My SAML IdP\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"https://www.example.com\",\n \"idpEntityId\": \"https://www.example.com\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{samlIdpVerificationCertID}}\"\n }\n ]\n },\n \"#spSigning\": {\n \"key\": {\n \"id\": \"{{samlIdpSigningKeyID}}\"\n }\n }\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/identityProviders")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/identityProviders",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"name": "SAMLIdP",
"description": "My SAML IdP",
"type": "SAML",
"enabled": false,
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{samlIdpVerificationCertID}}"
}
]
},
"#spSigning": {
"key": {
"id": "{{samlIdpSigningKeyID}}"
}
}
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/identityProviders',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"name": "SAMLIdP",
"description": "My SAML IdP",
"type": "SAML",
"enabled": false,
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{samlIdpVerificationCertID}}"
}
]
},
"#spSigning": {
"key": {
"id": "{{samlIdpSigningKeyID}}"
}
}
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/identityProviders"
payload = json.dumps({
"name": "SAMLIdP",
"description": "My SAML IdP",
"type": "SAML",
"enabled": False,
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{samlIdpVerificationCertID}}"
}
]
},
"#spSigning": {
"key": {
"id": "{{samlIdpSigningKeyID}}"
}
}
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/identityProviders');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "name": "SAMLIdP",\n "description": "My SAML IdP",\n "type": "SAML",\n "enabled": false,\n "spEntityId": "https://www.example.com",\n "idpEntityId": "https://www.example.com",\n "ssoBinding": "HTTP_POST",\n "ssoEndpoint": "https://idp.com/sso",\n "authnRequestSigned": "false",\n "idpVerification": {\n "certificates": [\n {\n "id": "{{samlIdpVerificationCertID}}"\n }\n ]\n },\n "#spSigning": {\n "key": {\n "id": "{{samlIdpSigningKeyID}}"\n }\n }\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/identityProviders")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"name": "SAMLIdP",
"description": "My SAML IdP",
"type": "SAML",
"enabled": false,
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com",
"ssoBinding": "HTTP_POST",
"ssoEndpoint": "https://idp.com/sso",
"authnRequestSigned": "false",
"idpVerification": {
"certificates": [
{
"id": "{{samlIdpVerificationCertID}}"
}
]
},
"\#spSigning": {
"key": {
"id": "{{samlIdpSigningKeyID}}"
}
}
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"name\": \"SAMLIdP\",\n \"description\": \"My SAML IdP\",\n \"type\": \"SAML\",\n \"enabled\": false,\n \"spEntityId\": \"https://www.example.com\",\n \"idpEntityId\": \"https://www.example.com\",\n \"ssoBinding\": \"HTTP_POST\",\n \"ssoEndpoint\": \"https://idp.com/sso\",\n \"authnRequestSigned\": \"false\",\n \"idpVerification\": {\n \"certificates\": [\n {\n \"id\": \"{{samlIdpVerificationCertID}}\"\n }\n ]\n },\n \"#spSigning\": {\n \"key\": {\n \"id\": \"{{samlIdpSigningKeyID}}\"\n }\n }\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/identityProviders")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/281dd63a-0b91-4511-93ba-7ae5e8285863"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/281dd63a-0b91-4511-93ba-7ae5e8285863/attributes"
}
},
"id": "281dd63a-0b91-4511-93ba-7ae5e8285863",
"type": "SAML",
"name": "SAMLIdP",
"description": "My SAML IdP",
"enabled": false,
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"createdAt": "2021-04-15T22:36:02.251Z",
"updatedAt": "2021-04-15T22:36:02.251Z",
"authnRequestSigned": false,
"ssoEndpoint": "https://idp.com/sso",
"ssoBinding": "HTTP_POST",
"idpVerification": {
"certificates": [
{
"id": "a1fbb28d-..."
}
]
},
"spEntityId": "https://www.example.com",
"idpEntityId": "https://www.example.com"
}