Single Sign On

Get SSO Settings

This endpoint returns the current SSO type and the available SSO types.

GET /api/v2/sso/

GET /api/v2/sso/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "active_sso": "none",
    "available_sso": [
        "ldap",
        "saml",
        "none"
    ]
}

Update SSO Settings

Update SSO type

PATCH /api/v2/sso/

Payload

Fields	Required	Description
sso_type	Yes	The SSO type to update. Valid types are none, ldap, saml.

PATCH /api/v2/sso/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "sso_type": "ldap"
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "active_sso": "ldap",
    "available_sso": [
        "ldap",
        "saml",
        "none"
    ]
}

Test LDAP Connection Bind

Performs a simple connection bind and query test against the LDAP server.

POST /api/v2/sso/ldap/connection-test/

Fields	Required	Description
server_uri	Yes	The URI of the LDAP server.
bind_dn	No	The distinguished name to use when binding to the LDAP server. Leave blank for anonymous bind.
bind_password	No	The password used with the bind DN. Leave blank for anonymous bind.
start_tls	No	If checked, each connection to the LDAP server will enable TLS encryption over the standard LDAP port.

POST /api/v2/sso/ldap/connection-test/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "server_uri": "ldaps://ldap.server.com:777",
    "bind_dn": "CN=Bind User,CN=Users,DC=server,DC=com",
    "bind_password": "Password1",
    "start_tls": false
}

HTTP/1.1 200 OK
Content-Type: application/json

{
  "success": true,
  "details": ""
}

Test LDAP User Authentication

Tests user authentication against an LDAP server from the SDE instance.

POST /api/v2/sso/ldap/authentication-test/

Fields	Required	Description
server_uri	Yes	The URI of the LDAP server.
bind_dn	No	The distinguished name to use when binding to the LDAP server. Leave blank for anonymous bind.
bind_password	No	The password used with the bind DN. Leave blank for anonymous bind.
start_tls	No	If checked, each connection to the LDAP server will enable TLS encryption over the standard LDAP port.
username	Yes	The username/email of the authenticating user.
password	Yes	The password of the authenticating user.
base_dn	Yes	The DN within which to search for the user.
scope	No	The scope of the search. A numerical value from 0 to 2 where 0 = base, 1 = one-level and 2 = subtree.
search_filter	Yes	Used by SD Elements to look-up users on the LDAP server. Should almost always be '(mail=%(user)s)'.

POST /api/v2/sso/ldap/authentication-test/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "server_uri": "ldaps://ldap.server.com:777",
    "bind_dn": "CN=Bind User,CN=Users,DC=server,DC=com",
    "bind_password": "Password1",
    "start_tls": true,
    "username": "john@server.com",
    "password": "password",
    "base_dn": "DC=server,DC=com",
    "scope": 2,
    "search_filter": "(mail=%(user)s)"
}

HTTP/1.1 200 OK
Content-Type: application/json

{
  "success": true,
  "details": ""
}

Get SSO Type

Gets the currently active SSO type. Displays all possible SSO options, which can be used when updating the SSO type.

GET /api/v2/sso/

GET /api/v2/sso/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "active_sso": "none",
    "available_sso": [
        "saml",
        "none"
    ]
}

Update SSO Type

Updates the currently active SSO type.

PATCH /api/v2/sso/

Fields	Required	Description
sso_type	Yes	The type of SSO to enable. Possible values: `none`, `saml`, `ldap`.

PATCH /api/v2/sso/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "sso_type": "saml"
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "active_sso": "saml",
    "available_sso": [
        "saml",
        "none"
    ]
}

Get SAML Settings

Gets the current settings for the SSO SAML configuration.

GET /api/v2/sso/saml/

GET /api/v2/sso/saml/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "is_active": false,
    "idp_metadata_file": "remote_idp_metadata.xml",
    "name_id_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted",
    "authn_requests_signed": false,
    "logout_requests_signed": false,
    "want_response_signed": false,
    "login_url": "http://www.org.login.com",
    "logout_url": "http://www.org.logout.com",
    "role_attribute_name": "role",
    "groups_attribute_name": "group",
    "authentication_type": "idp"
}

Update SAML Settings

Updates the current settings for the SSO SAML configuration.

PATCH /api/v2/sso/saml/

Fields	Required	Description
is_active	No	True or False. True enables SAML SSO, False disables it.
idp_metadata_file	No	The SAML IDP file.
signing_cert	No	Optional x509 cert for signing. Auto-generated by default.
signing_key	No	Matching key for signing file. Auto-generated by default.
encryption_cert	No	Optional x509 cert for encryption. Auto-generated by default.
encryption_key	No	Matching key for encryption file. Auto-generated by default.
name_id_format	No	Name format. Restricted to a list of options tabled below.
authn_requestes_signed	No	True or false.
logout_requests_signed	No	True or false.
want_response_signed	No	True or false.
login_url	No	The URL to redirect users to when logging in. Must have URL formatting.
logout_url	No	The URL to redirect users to when logging out. Must have URL formatting.
role_attribute_name	No	The SAML Attribute name containing the user's role
groups_attribute_name	No	The SAML Attribute name containing the user's groups

The name_id_format field above is limited to the following values:

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted

urn:oasis:names:tc:SAML:2.0:nameid-format:entity

urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

urn:oasis:names:tc:SAML:2.0:nameid-format:transient

urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

PATCH /api/v2/sso/saml/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "is_active": false,
    "idp_metadata_file": "remote_idp_metadata.xml",
    "name_id_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted",
    "authn_requests_signed": false,
    "logout_requests_signed": false,
    "want_response_signed": false,
    "login_url": "http://www.org.login.com",
    "logout_url": "http://www.org.logout.com",
    "role_attribute_name": "role",
    "groups_attribute_name": "group",
    "authentication_type": "idp"
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "is_active": false,
    "idp_metadata_file": "remote_idp_metadata.xml",
    "name_id_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted",
    "authn_requests_signed": false,
    "logout_requests_signed": false,
    "want_response_signed": false,
    "login_url": "http://www.org.login.com",
    "logout_url": "http://www.org.logout.com",
    "role_attribute_name": "role",
    "groups_attribute_name": "group",
    "authentication_type": "idp"
}

SAML configuration API endpoint

SAML configurations can be retrieved and updated via this API endoint.

Fields	Type	Description
is_active	Boolean	shows whether SSO is set to SAML
idp_metadata_file	XML File	contains IdP metadata
signing_cert	String	Public key certificate for signing requests to IdP (only retrieved if using cloud storage)
signing_key	String	Private key for signing requests to IdP (write only)
encryption_cert	String	Public key certificate for decrypting IdP responses (only retrieved if using cloud storage)
encryption_key	String	Private key for decrypting IdP responses (write_only)
name_id_format	String	format of SAML NameID
authn_requestes_signed	Boolean	whether SDE signs authentication requests
logout_requests_signed	Boolean	whether SDE signs logout requests
want_response_signed	Boolean	whether SDE expects signed responses
login_url	String	IDP login url
logout_url	String	IDP logout url
role_attribute_name	String	SAML role attribute name
groups_attribute_name	String	SAML group attribute name

GET /api/v2/sso/saml/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "is_active": false,
    "idp_metadata_file": "remote_idp_metadata.xml",
    "signing_cert": "-----BEGIN CERTIFICATE-----\r\nMIICLjCCAZegAwIBAgIBADANBgkqhkiG9w0BAQ0FADA0MQswCQYDVQQGEwJ1czEL\r\nMAkGA1UECAwCTWUxCzAJBgNVBAoMAk1lMQswCQYDVQQDDAJNZTAeFw0yMDAzMDMx\r\nODAxNDNaFw0yMTAzMDMxODAxNDNaMDQxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJN\r\nZTELMAkGA1UECgwCTWUxCzAJBgNVBAMMAk1lMIGfMA0GCSqGSIb3DQEBAQUAA4GN\r\nADCBiQKBgQDfpJAvVuyAdP3qcz+SQC7nGgU4djbI9AlhvbFT8kPeII2Z2FQP+qv8\r\ndi0URZ3mxb0JTXwkkla36qU8WOgekie57LgLoFIjcpUVIgjXb2Y9zCPA7CXiJkfF\r\niUV/0h6KXaXrKTOZ7Hrz63sKAeGkfGtKLRvYLUwX8o1V5dAkIJZi/QIDAQABo1Aw\r\nTjAdBgNVHQ4EFgQUzsapxe3/AQNvCqhJ4pDbfuZ2HWAwHwYDVR0jBBgwFoAUzsap\r\nxe3/AQNvCqhJ4pDbfuZ2HWAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOB\r\ngQCUFodc/5wcL0ZN7SUx1KOKct9y8JzynzMjnMW4tajbpIH1q3UNwDkF3KZXV9UM\r\nzindVGmlYaAtFLh6vBTsxcp1GyKeaAhrL+gFrXOmGqT++ABoLplk0pR29a4c+F5h\r\nz4awrtkia9nVPtEl5lNlEu2s6miQE/Fffa2nj+xn5lBxfg==\r\n-----END CERTIFICATE-----",
    "encryption_cert": "-----BEGIN CERTIFICATE-----\r\nMIICSjCCAbOgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBCMQswCQYDVQQGEwJjYTEL\r\nMAkGA1UECAwCQkMxEDAOBgNVBAoMB2V4YW1wbGUxFDASBgNVBAMMC2V4YW1wbGUu\r\nY29tMB4XDTIzMDExNjE5MTc1OVoXDTI0MDExNjE5MTc1OVowQjELMAkGA1UEBhMC\r\nY2ExCzAJBgNVBAgMAkJDMRAwDgYDVQQKDAdleGFtcGxlMRQwEgYDVQQDDAtleGFt\r\ncGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvYseXJjmbFezhNBI\r\nBexCwxdrfwSsKGHd+8wsUKo8oV/tbBOS7YfoEbt6wHNc35Iu9D++p6HhWnOzK4fT\r\nIRqdwcTWVjIXo/T4OC60U7AG9Z5lQlrGKUCGqPDwN/aYtHVikSAC7ddm2qY7HBa7\r\nwzp/mm1fNGfmQCL+V+Mp7KvDp5sCAwEAAaNQME4wHQYDVR0OBBYEFBiEPTKGuhbt\r\nvQPyLKqzch8DegaOMB8GA1UdIwQYMBaAFBiEPTKGuhbtvQPyLKqzch8DegaOMAwG\r\nA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEADLVFH1zfsj0Ye8JeVaSTTN8H\r\n6wmesRR37LJUg0nYYaVnhBLJGvMkE0nGgymieZPiKN8jY8M7bFwqFSBQwqbayb/r\r\nyrR8QHHUt/GrskedajWD4Aqv7n2l6okwrpngBiI2y9VjTdj37F3I1qDF8VTDjigE\r\nt1J33WrV4NGNtVABWvk=\r\n-----END CERTIFICATE-----",
    "name_id_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "authn_requestes_signed": false,
    "logout_requests_signed": false,
    "want_response_signed": true,
    "login_url": "example.com/auth/",
    "logout_url": "example.com/auth/",
    "role_attribute_name": "s_role",
    "groups_attribute_name": "s_groups"
}

Single Sign On

Single Sign On

Get SSO Settings

Update SSO Settings

Payload

Test LDAP Connection Bind

Test LDAP User Authentication

Get SSO Type

Update SSO Type

Get SAML Settings

Update SAML Settings

SAML configuration API endpoint

results matching ""

No results matching ""