PUT /ssoSettings

Use the PUT method to modify the client settings when an external SAML 2.0 identity provider is used for authentication. The identity provider must be Microsoft Active Directory Federated Services (AD FS) and must reside on a server that is connected to the management network.

Authentication

Authentication with user name and password is required.

Request URL

PUT https://<management_server_IP>/ssoSettings

Query parameters

None

Request body

Attributes Required / Optional Type Description
samlEnabled Optional Boolean Indicates whether an SAML identity provider is used for authentication. This can be one of the following values.
  • true. An SAML identity provider is used.
  • false. An SAML identity provider is not used.
spMetadataAttributes Optional Object Information about the SAML service provider metadata.
  entityId Required String The service provider base URL as the unique identifier of the service provider.
  signMetadata Required Boolean Indicates whether the generated metadata is digitally signed. This can be one of the following values.
  • true. Metadata must be signed.
  • false. Metadata can be unsigned.
  signingAlgorithm Required String The algorithm that is used to create the digital signature on the metadata object. This can be the following value:
  • sha1
  signAuthenticationRequests Required Boolean Indicates whether authentication requests are signed. This can be one of the following values.
  • true. Authentication requests are signed.
  • false. Authentication requests are not signed.
  requireSignedAuthenticationResponse Required Boolean Indicates whether authentication responses are signed. This can be one of the following values.
  • true. Authentication responses are signed.
  • false. Authentication responses are not signed.
  requireSignedArtifactResolution Required Boolean Indicates whether the signing of artifact resolution requests sent to the remote identity providers is enabled. This can be one of the following values:
  • true. Signing of artifact resolutions is enabled.
  • false. Signing of artifact resolutions is disabled.
idpMetadata Optional String SAML identity provider metadata that was retrieved from AD FS.

Request example

{
    "samlEnabled":true,
    "spMetadataParameters":{
        "entityId":"10.243.2.124",
        "signMetadata":true,
        "signingAlgorithm":"sha1",
        "signAuthenticationRequests":true,
        "requireSignedAuthenticationResponse":true,
        "requireSignedArtifactResolution":true
    },
    "idpMetadata":"IDP metadata xml"
}
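
A pre-flight check for the request body, added here as an example (it is not part of the product or its documentation): it applies the types and required attributes from the table above and flags any signing option set to false. The function name check_sso_settings and its messages are hypothetical, and accepting both spMetadataAttributes (table) and spMetadataParameters (request example) is an assumption.

```python
import json

# Attribute names and types are taken from the request-body table on this page.
SP_FIELDS = {
    "entityId": str,
    "signMetadata": bool,
    "signingAlgorithm": str,
    "signAuthenticationRequests": bool,
    "requireSignedAuthenticationResponse": bool,
    "requireSignedArtifactResolution": bool,
}
# The table names the object spMetadataAttributes; the request example uses
# spMetadataParameters. Accepting both is an assumption of this example.
SP_KEYS = ("spMetadataAttributes", "spMetadataParameters")
SIGNING_FLAGS = [name for name, kind in SP_FIELDS.items() if kind is bool]

def check_sso_settings(body):
    """Return (errors, warnings) for a PUT /ssoSettings request body."""
    errors, warnings = [], []
    if "samlEnabled" in body and not isinstance(body["samlEnabled"], bool):
        errors.append("samlEnabled must be a Boolean")
    if "idpMetadata" in body and not isinstance(body["idpMetadata"], str):
        errors.append("idpMetadata must be a String")
    for key in (k for k in SP_KEYS if k in body):
        sp = body[key]
        if not isinstance(sp, dict):
            errors.append(f"{key} must be an Object")
            continue
        # Every nested attribute is marked Required in the table.
        for name, kind in SP_FIELDS.items():
            if name not in sp:
                errors.append(f"{key}.{name} is required")
            elif not isinstance(sp[name], kind):
                errors.append(f"{key}.{name} must be {kind.__name__}")
        if isinstance(sp.get("signingAlgorithm"), str) and sp["signingAlgorithm"] != "sha1":
            errors.append(f"{key}.signingAlgorithm: only sha1 is documented")
        # Surface relaxed signing options for review before the change is sent.
        for flag in SIGNING_FLAGS:
            if sp.get(flag) is False:
                warnings.append(f"{key}.{flag} is false: signing is turned off")
    return errors, warnings

# Constructed sample input: the page's request example with two flags relaxed.
SAMPLE = json.loads("""{"samlEnabled": true, "spMetadataParameters": {
  "entityId": "10.243.2.124", "signMetadata": false, "signingAlgorithm": "sha1",
  "signAuthenticationRequests": true, "requireSignedAuthenticationResponse": false,
  "requireSignedArtifactResolution": true}, "idpMetadata": "IDP metadata xml"}""")

if __name__ == "__main__":
    print(check_sso_settings(SAMPLE))
```
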

Response codes

Code Description
200 OK. The request completed successfully.
400 Bad request. An argument is missing or is not valid. A descriptive error message is returned in the response body.
409 Conflict. A descriptive error message is returned in the response body.
500 Internal server error. A descriptive error message is returned in the response body.

Response body

Attributes Type Description
result String Results of the request. This can be one of the following values.
  • success. The request completed successfully.
  • failed. The request failed. A descriptive error message was returned.
  • warning. The request completed with a warning. A descriptive error message was returned.
messages Array of objects Information about one or more messages
  id String Message identifier of a returned message
  text String Message text associated with the message identifier
  explanation String Additional information to clarify the reason for the message
  recovery Array of objects Recovery information
    text String User actions that can be taken to recover from the event
    URL String Link to the help system for more information, if available

Response example

{
    "result": "failure",
    "messages": [{
        "explanation": "The request to change the SAML  configuration could not complete for an unknown reason.",
        "id": "FQXHMSE0611J",
        "recovery": {
            "text": "Specify valid parameters on the request and try the request again. If the problem persists, contact Support.",
            "URL": ""
        },
        "text": "The request to change the SAML  configuration could not be completed successfully."
    }]
}