
Create SAML Configuration

Create SAML Configuration on a Tenant

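This API creates a SAML SSO configuration on a tenant that belongs to a customer. The request body carries the identity provider's SAML metadata together with the SAML attribute names, the role and group mapping regexes, and the default roles and groups, as shown in the sample request below.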

Request

Operation Endpoint

POST {URL}/api/v1/security/samlconfig/{customer}/{tenant}

Where {URL} is https://prod-security-service.reltio.com

Table 1. Parameters
Parameter Required Description
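Headers Content-Type Yes Must be application/json (sent as "Content-Type: application/json")
Query customerId Yes Customer ID (the {customer} value in the endpoint)
Query tenantId Yes Tenant ID (the {tenant} value in the endpoint)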

Sample Request

{
   "metaData":"<?xml version=\"1.0\" encoding=\"UTF-8\"?><md:EntityDescriptor entityID=\"http://www.okta.com/exk1785cmeJqhHxrL357\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"><md:IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://dev-126908.okta.com/app/reltioindiapvtltddev126908_samltestapplication_2/exk1785cmeJqhHxrL357/sso/saml\"/><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://dev-126908.okta.com/app/reltioindiapvtltddev126908_samltestapplication_2/exk1785cmeJqhHxrL357/sso/saml\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
   "emailSAMLAttribute":"email",
   "rolesSAMLAttribute":"roles",
   "rolesMappingRegex":"(AZ_[a-zA-Z0-9_]*),*?",
   "defaultRoles":[
      "ROLE_USER",
      "ROLE_API"
   ],
   "groupsSAMLAttribute":"groups",
   "groupsMappingRegex":"(AZ_[a-zA-Z0-9_]*),*?",
   "defaultGroups":["sso_group1"]
}

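Sample Response

The response returns the service provider (SP) metadata together with its acsURL and entityID, followed by the stored attribute, mapping and default role/group settings. The SP metadata in this sample declares AuthnRequestsSigned="false" and WantAssertionsSigned="false", so check which parts of the SAML response your identity provider signs when you register these values with it.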

{
    "metadata": "<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"urn:amazon:cognito:sp:us-east-1_uvzCxB8FG\">    <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>        <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://reltio-samlssotenant.auth.us-east-1.amazoncognito.com/saml2/idpresponse\" index=\"1\" />    </md:SPSSODescriptor></md:EntityDescriptor>",
    "acsURL": "https://reltio-samlssotenant.auth.us-east-1.amazoncognito.com/saml2/idpresponse",
    "entityID": "urn:amazon:cognito:sp:us-east-1_uvzCxB8FG",
    "defaultRoles": [
        "ROLE_API",
        "ROLE_USER"
    ],
    "emailSAMLAttribute": "email",
    "rolesSAMLAttribute": "roles",
    "rolesMappingRegex": "regex",
    "defaultGroups": [
        "sso_group1"
    ],
    "groupsSAMLAttribute": "groups",
    "groupsMappingRegex": "OU=([a-zA-Z0-9_]*).*?"
}