Overview
This guide gives step by step instructions on how you can integrate miniOrange Identity Provider and User Store APIs with your system.
Pre-requisites
- You need to create a free trial account with miniOrange.
- Login to our console and Click on the Settings provided on the right top corner of the console.
- Copy your Api Key and follow the steps below to generate the Authentication Header.
Step 1: Create Authentication Header
To be able to call our challenge and validate Rest APIs, you will need to set the authorization headers required to make sure that the request being made is by a valid user. You can check the sample JAVA and PHP code below to get an idea on how you can create the authorization headers.
The following values need to be set in the Header of the HTTP Request being made.
Attribute | Description |
---|---|
Customer-Key | Your customer key. |
Api-Key | Your Api Key |
Timestamp | The time in milliseconds when the request is being made |
Authorization | Sha 512 Hash Value consisting of the customer key , current timestamp and api key. |
You can get your Customer-Key and Api Key by following these steps:
- Log in to your Admin Dashboard.
- Go to System Settings from the top right corner. You will find all of your information under the Account Details section.
- Java
- PHP
/* You can get customer Key and customer Api Key from your admin dashboard */
String customerKey = "<YOUR_CUSTOMER_KEY>";
String apiKey = "<YOUR_API_KEY>";
/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
String currentTimeInMillis = String.valueOf(System.currentTimeMillis());
/* Creating the Hash using SHA-512 algorithm (Apache Shiro library) */
String stringToHash = customerKey + currentTimeInMillis + apiKey;
String hashValue = new Sha512Hash(stringToHash).toHex().toLowerCase();
HttpPost postRequest = new HttpPost("<URL for calling API>");
/* Setting the Authorization Header values */
postRequest.setHeader("Customer-Key", customerKey);
postRequest.setHeader("Timestamp", currentTimeInMillis);
postRequest.setHeader("Authorization", hashValue)
/* You can get customer Key and customer Api Key from your admin dashboard*/
$customerKey = "<YOUR_CUSTOMER_KEY>";
$apiKey = "<YOUR_API_KEY>";
/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
$currentTimeInMillis = round(microtime(true) * 1000);
/* Creating the Hash using SHA-512 algorithm */
$stringToHash = $customerKey . number_format ( $currentTimeInMillis, 0, '', '' ) . $apiKey;
$hashValue = hash("sha512", $stringToHash);
/* Add $customerKeyHeader,$timestampHeader and $authorizationHeader in the httpheader */
$customerKeyHeader = "Customer-Key: " . $customerKey;
$timestampHeader = "Timestamp: " . number_format ( $currentTimeInMillis, 0, '', '' );
$authorizationHeader = "Authorization: " . $hashValue;
Step 2: API Details
Get All Configured SAML IdPs
To get all configured saml idps, you need to make a HTTP GET request to our get all SAML IdPs API.
Endpoint Information:
Type | Information |
---|---|
Method | GET |
URL | https://login.xecurify.com/api/v1/idp/saml/{customerId}?startIndex={startIndex}&count={count} |
Request headers:
Parameters | Type |
---|---|
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies current time in milliseconds e.g 1474522813982.
Authorization
: Authorization specifies SHA 512 hash value of string concatenated with customerKey, time in milliseconds and api key for your account e.g sha512(customerKey + timeInMillis + apiKey). Check the Authorization Section above for more details.
Request Parameters:
Parameters | Type | Comments |
---|---|---|
customerId (required) | int | CustomerKey for your account |
startIndex (optional) | Int | Defaults to 1 if no value passed |
count (optional) | Int | Defaults to 20 if no value passed |
Sample Code for Request:
In the following code, just replace <YOUR_CUSTOMER_KEY>
, <START_INDEX>
, <COUNT>
, <AUTHORIZATION>
and <TIMESTAMP>
with the respective values
- cURL
- Java
- PHP
curl --location --request GET 'https://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>?startIndex=<START_INDEX>&count=<COUNT>' \
--header 'Authorization: <AUTHORIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>'
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
.url("http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>?startIndex=<START_INDEX>&count=<COUNT>")
.method("GET", body)
.addHeader("Authorization", "<AUTHORIZATION>")
.addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
.addHeader("Timestamp", "<TIMESTAMP>")
.build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>?startIndex=<START_INDEX>&count=<COUNT>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHORIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/api/v1/idp/saml/12312?startIndex=8&count=10
Example Response:
{
"customerId": 12312,
"status": "SUCCESS",
"message": "Identity Provider settings retrieved successfully",
"idpList": {
"totalResults": 1,
"startIndex": 1,
"itemsPerPage": 10,
"resources": [
{
"displayName": "SamlApiTest",
"userLoginAllowed": false,
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"isDefault": false,
"domainMapping": "",
"attributeMapping": [
{
"incomingAttribute": "test",
"outgoingAttribute": "test"
},
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
],
"identifier": "SamlApiTest",
"entityId": "https://localhost",
"loginUrl": "https://localhost",
"x509Certificate": "",
"logoutUrl": "https://localhost",
"nameIdFormat": "",
"signSamlRequest": null,
"samlRequestBinding": "",
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"responseSigned": true,
"assertionSigned": false,
"id":93 ,
"samlSpMetadata": {
"assertionConsumerService": [
{
"url": "https://local.miniorange.in/moas",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}
],
"singleLogoutService": [
{
"url": "https://xyz.miniorange.in/moas/broker/login/saml_logout/12312/",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
{
"url": "https://xyz.miniorange.in/moas/broker/login/saml_logout/12312/",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
],
"nameIdFormat": [
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
],
"signingCertificate": "",
"encryptionCertificate": "",
"entityId": "https://local.miniorange.in/moas",
"xmlMetadataUrl": "https://xyz.miniorange.in/moas/spmetadata/saml/12312/idpinitiated"
},
"idpLoginUrl": "https://xyz.miniorange.in/moas/spmetadata/saml/12312/spinitiated"
}
]
}
}
Fetch Specific SAML IdP
To fetch details of a configured saml idp, you need to make a HTTP GET request to our fetch SAML IdP Configuration endpoint.
Endpoint Information:
Type | Information |
---|---|
Method | GET |
URL | https://login.xecurify.com/api/v1/idp/saml/{customerId}/{id} |
Request headers:
Parameters | Type |
---|---|
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies current time in milliseconds e.g 1474522813982.
Authorization
: Authorization specifies SHA 512 hash value of string concatenated with customerKey, time in milliseconds and api key for your account e.g sha512(customerKey + timeInMillis + apiKey). Check the Authorization Section above for more details.
Request Parameters:
Parameters | Type | Comments |
---|---|---|
customerId (required) | int | CustomerKey for your account |
id (required) | Int | ID of your SAML IdP |
Sample Code for Request:
In the following code, just replace <YOUR_CUSTOMER_KEY>
, <ID>
, <AUTHORIZATION>
and <TIMESTAMP>
with the respective values
- cURL
- Java
- PHP
curl --location --request GET 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>' \
--header 'Authorization: <AUTHROIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>'
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
.url("http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>")
.method("GET", body)
.addHeader("Authorization", "<AUTHROIZATION>")
.addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
.addHeader("Timestamp", "<TIMESTAMP>")
.build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHROIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/api/v1/idp/saml/12312/93
Example Response:
{
"customerId": 12312,
"status": "SUCCESS",
"message": "Identity Provider settings retrieved successfully",
"idp": {
"displayName": "SamlApiTest",
"userLoginAllowed": false,
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"isDefault": false,
"domainMapping": "",
"attributeMapping": [
{
"incomingAttribute": "test",
"outgoingAttribute": "test"
},
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
],
"identifier": "SamlApiTest",
"entityId": "https://localhost",
"loginUrl": "https://localhost",
"x509Certificate": "",
"logoutUrl": "https://localhost",
"nameIdFormat": "",
"signSamlRequest": null,
"samlRequestBinding": "",
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"responseSigned": true,
"assertionSigned": false,
"id": 93,
"samlSpMetadata": {
"assertionConsumerService": [
{
"url": "https://local.miniorange.in/moas",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}
],
"singleLogoutService": [
{
"url": "https://xyz.miniorange.in/moas/broker/login/saml_logout/12312/",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
{
"url": "https://xyz.miniorange.in/moas/broker/login/saml_logout/12312/",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
],
"nameIdFormat": [
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
],
"signingCertificate": "",
"encryptionCertificate": "",
"entityId": "https://local.miniorange.in/moas",
"xmlMetadataUrl": "https://xyz.miniorange.in/moas/spmetadata/saml/12312/idpinitiated"
},
"idpLoginUrl": "https://xyz.miniorange.in/moas/spmetadata/saml/12312/spinitiated"
}
}
Add a SAML IdP
To add a saml idp, you need to make a HTTP PUT request to our add SAML IdP Configuration endpoint.
Endpoint Information:
Type | Information |
---|---|
Method | PUT |
URL | https://login.xecurify.com/api/v1/idp/saml/{customerId} |
Request headers:
Parameters | Type |
---|---|
Content-Type | application/json |
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies current time in milliseconds e.g 1474522813982.
Authorization
: Authorization specifies SHA 512 hash value of string concatenated with customerKey, time in milliseconds and api key for your account e.g sha512(customerKey + timeInMillis + apiKey). Check the Authorization Section above for more details.
Main Request Parameters:
Parameters | Type | Comments |
---|---|---|
customerId (required) | int | CustomerKey for your account |
identifier (required) | string | A unique value to identify your IdP |
displayName (required) | string | This value would be used to display to Users |
entityId (required) | string | IdPs Entity Id |
loginUrl (required) | string | IdPs SSO Login Url |
logoutUrl (optional) | string | IdPs SSO Logout Url |
x509Certificate (required) | string | IdPs signing X509 Certificate |
nameIdFormat (required) | string | Has to be one of the following : urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress , urn:oasis:names:tc:SAML:2.0:nameid-format:persistent , urn:oasis:names:tc:SAML:2.0:nameid-format:transient , urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
samlRequestBinding (required) | string | Has to be either urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
responseSigned (optional) | bool | True by default |
assertionSigned (optional) | bool | False by default |
Sample Code for Request:
In the following code, just replace <YOUR_CUSTOMER_KEY>
, <ENTITY_ID>
, <LOGIN_URL>
, <LOGOUT_URL>
, <X509_CERT>
, <AUTHORIZATION>
and <TIMESTAMP>
with the respective values
- cURL
- Java
- PHP
curl --location --request PUT 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>' \
--header 'Authorization: <AUTHROIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>' \
--header 'Content-Type: application/json' \
--data-raw '{
"identifier": "SamlApiTest",
"displayName": "SamlApiTest",
"entityId": "<ENTITY_ID>",
"loginUrl": "<LOGIN_URL>",
"logoutUrl": "<LOGOUT_URL>",
"x509Certificate": "<X509_CERT>",
"nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signSamlRequest": false,
"samlRequestBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"userLoginAllowed": false,
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"domainMapping": "",
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"attributeMapping": [
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
]
}'
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{
\"identifier\": \"SamlApiTest2\",
\"displayName\": \"SamlApiTest2\",
\"entityId\": \"<ENTITY_ID>\",
\"loginUrl\": \"<LOGIN_URL>\",
\"logoutUrl\": \"<LOGOUT_URL>\",
\"x509Certificate\": \"<X5909_CERT>\",
\"nameIdFormat\": \"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\",
\"signSamlRequest\": false,
\"samlRequestBinding\": \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\",
\"userLoginAllowed\": false,
\"overrideReturnUrl\": false,
\"defaultReturnUrl\": \"\",
\"domainMapping\": \"\",
\"showIdpToUsers\": false,
\"promptForUserRegistration\": false,
\"sendConfiguredAttributes\": false,
\"attributeMapping\": [
{
\"incomingAttribute\": \"\",
\"outgoingAttribute\": \"\"
}
]
}");
Request request = new Request.Builder()
.url("http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>")
.method("PUT", body)
.addHeader("Authorization", "<AUTHROIZATION>")
.addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
.addHeader("Timestamp", "<TIMESTAMP>")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'PUT',
CURLOPT_POSTFIELDS =>'{
"identifier": "SamlApiTest2",
"displayName": "SamlApiTest2",
"entityId": "<ENTITY_ID>",
"loginUrl": "<LOGIN_URL>",
"logoutUrl": "<LOGOUT_URL>",
"x509Certificate": "<X5909_CERT>",
"nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signSamlRequest": false,
"samlRequestBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"userLoginAllowed": false,
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"domainMapping": "",
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"attributeMapping": [
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
]
}',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHROIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>',
'Content-Type: application/json'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/api/v1/idp/saml/12312
Example Request body:
{
"identifier": "SamlApiTest",
"displayName": "SamlApiTest",
"entityId": "https://localhost2",
"loginUrl": "https://localhost2",
"logoutUrl": "https://localhost2",
"x509Certificate": "...",
"nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signSamlRequest": false,
"samlRequestBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"userLoginAllowed": false,
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"domainMapping": "",
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"attributeMapping": [
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
]
}
Example Response:
{
"customerId": 12312,
"status": "SUCCESS",
"message": "Identity Provider created successfully",
"idp": {
"displayName": "SamlApiTest",
"userLoginAllowed": false,
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"isDefault": false,
"domainMapping": "",
"attributeMapping": [
{
"incomingAttribute": "test",
"outgoingAttribute": "test"
},
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
],
"identifier": "SamlApiTest",
"entityId": "https://localhost",
"loginUrl": "https://localhost",
"x509Certificate": "",
"logoutUrl": "https://localhost",
"nameIdFormat": "",
"signSamlRequest": null,
"samlRequestBinding": "",
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"responseSigned": true,
"assertionSigned": false,
"id": 93,
"samlSpMetadata": {
"assertionConsumerService": [
{
"url": "https://local.miniorange.in/moas",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}
],
"singleLogoutService": [
{
"url": "https://xyz.miniorange.in/moas/broker/login/saml_logout/12312/",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
{
"url": "https://xyz.miniorange.in/moas/broker/login/saml_logout/12312/",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
],
"nameIdFormat": [
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
],
"signingCertificate": "",
"encryptionCertificate": "",
"entityId": "https://local.miniorange.in/moas",
"xmlMetadataUrl": "https://xyz.miniorange.in/moas/spmetadata/saml/12312/idpinitiated"
},
"idpLoginUrl": "https://xyz.miniorange.in/moas/spmetadata/saml/12312/spinitiated"
}
}
Update a SAML IdP
To update a saml idp, you need to make a HTTP PATCH request to our update SAML IdP Configuration endpoint.
Endpoint Information:
Type | Information |
---|---|
Method | PATCH |
URL | https://login.xecurify.com/api/v1/idp/saml/{customerId}/{id} |
Request headers:
Parameters | Type |
---|---|
Content-Type | application/json |
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies current time in milliseconds e.g 1474522813982.
Authorization
: Authorization specifies SHA 512 hash value of string concatenated with customerKey, time in milliseconds and api key for your account e.g sha512(customerKey + timeInMillis + apiKey). Check the Authorization Section above for more details.
Main Request Parameters:
Parameters | Type | Comments |
---|---|---|
customerId (required) | int | CustomerKey for your account |
id (required) | Int | ID of your SAML IdP |
identifier (required) | string | A unique value to identify your IdP |
displayName (required) | string | This value would be used to display to Users |
entityId (required) | string | IdPs Entity Id |
loginUrl (required) | string | IdPs SSO Login Url |
logoutUrl (optional) | string | IdPs SSO Logout Url |
x509Certificate (required) | string | IdPs signing X509 Certificate |
nameIdFormat (required) | string | Has to be one of the following : urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress , urn:oasis:names:tc:SAML:2.0:nameid-format:persistent , urn:oasis:names:tc:SAML:2.0:nameid-format:transient , urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
samlRequestBinding (required) | string | Has to be either urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect |
responseSigned (optional) | bool | True by default |
assertionSigned (optional) | bool | False by default |
Sample Code for Request:
In the following code, just replace <YOUR_CUSTOMER_KEY>
, <ID>
, <ENTITY_ID>
, <LOGIN_URL>
, <LOGOUT_URL>
, <X509_CERT>
, <AUTHORIZATION>
and <TIMESTAMP>
with the respective values
- cURL
- Java
- PHP
curl --location --request PATCH 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>' \
--header 'Authorization: <AUTHROIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>' \
--header 'Content-Type: application/json' \
--data-raw '{
"identifier": "SamlApiTest",
"displayName": "SamlApiTest",
"entityId": "<ENTITY_ID>",
"loginUrl": "<LOGIN_URL>",
"logoutUrl": "<LOGOUT_URL>",
"x509Certificate": "<X509_CERT>",
"nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signSamlRequest": false,
"samlRequestBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"userLoginAllowed": false,
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"domainMapping": "",
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"attributeMapping": [
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
]
}'
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{
\"identifier\": \"SamlApiTest2\",
\"displayName\": \"SamlApiTest2\",
\"entityId\": \"<ENTITY_ID>\",
\"loginUrl\": \"<LOGIN_URL>\",
\"logoutUrl\": \"<LOGOUT_URL>\",
\"x509Certificate\": \"<X5909_CERT>\",
\"nameIdFormat\": \"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\",
\"signSamlRequest\": false,
\"samlRequestBinding\": \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\",
\"userLoginAllowed\": false,
\"overrideReturnUrl\": false,
\"defaultReturnUrl\": \"\",
\"domainMapping\": \"\",
\"showIdpToUsers\": false,
\"promptForUserRegistration\": false,
\"sendConfiguredAttributes\": false,
\"attributeMapping\": [
{
\"incomingAttribute\": \"\",
\"outgoingAttribute\": \"\"
}
]
}");
Request request = new Request.Builder()
.url("http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>")
.method("PATCH", body)
.addHeader("Authorization", "<AUTHROIZATION>")
.addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
.addHeader("Timestamp", "<TIMESTAMP>")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'PATCH',
CURLOPT_POSTFIELDS =>'{
"identifier": "SamlApiTest2",
"displayName": "SamlApiTest2",
"entityId": "<ENTITY_ID>",
"loginUrl": "<LOGIN_URL>",
"logoutUrl": "<LOGOUT_URL>",
"x509Certificate": "<X5909_CERT>",
"nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signSamlRequest": false,
"samlRequestBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"userLoginAllowed": false,
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"domainMapping": "",
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"attributeMapping": [
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
]
}',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHROIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>',
'Content-Type: application/json'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/api/v1/idp/saml/12312/93
Example Request body:
{
"identifier": "SamlApiTest",
"displayName": "SamlApiTest",
"entityId": "https://localhost2",
"loginUrl": "https://localhost2",
"logoutUrl": "https://localhost2",
"x509Certificate": "...",
"nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signSamlRequest": false,
"samlRequestBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"userLoginAllowed": false,
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"domainMapping": "",
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"attributeMapping": [
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
]
}
Example Response:
{
"customerId": 12312,
"status": "SUCCESS",
"message": "Identity Provider updated successfully",
"idp": {
"displayName": "SamlApiTest",
"userLoginAllowed": false,
"showIdpToUsers": false,
"promptForUserRegistration": false,
"sendConfiguredAttributes": false,
"isDefault": false,
"domainMapping": "",
"attributeMapping": [
{
"incomingAttribute": "test",
"outgoingAttribute": "test"
},
{
"incomingAttribute": "",
"outgoingAttribute": ""
}
],
"identifier": "SamlApiTest",
"entityId": "https://localhost",
"loginUrl": "https://localhost",
"x509Certificate": "",
"logoutUrl": "https://localhost",
"nameIdFormat": "",
"signSamlRequest": null,
"samlRequestBinding": "",
"overrideReturnUrl": false,
"defaultReturnUrl": "",
"responseSigned": true,
"assertionSigned": false,
"id": 93,
"samlSpMetadata": {
"assertionConsumerService": [
{
"url": "https://local.miniorange.in/moas",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}
],
"singleLogoutService": [
{
"url": "https://xyz.miniorange.in/moas/broker/login/saml_logout/12312/",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
{
"url": "https://xyz.miniorange.in/moas/broker/login/saml_logout/12312/",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
],
"nameIdFormat": [
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
],
"signingCertificate": "",
"encryptionCertificate": "",
"entityId": "https://local.miniorange.in/moas",
"xmlMetadataUrl": "https://xyz.miniorange.in/moas/spmetadata/saml/12312/idpinitiated"
},
"idpLoginUrl": "https://xyz.miniorange.in/moas/spmetadata/saml/12312/spinitiated"
}
}
Delete a SAML IdP
To detele a saml idp, you need to make a HTTP DELETE request to our delete SAML IdP Configuration endpoint.
Endpoint Information:
Type | Information |
---|---|
Method | DELETE |
URL | https://login.xecurify.com/api/v1/idp/saml/{customerId}/{id} |
Request headers:
Parameters | Type |
---|---|
Customer-Key | int |
Timestamp | int |
Authorization | String |
CustomerKey
: CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
: Timestamp specifies current time in milliseconds e.g 1474522813982.
Authorization
: Authorization specifies SHA 512 hash value of string concatenated with customerKey, time in milliseconds and api key for your account e.g sha512(customerKey + timeInMillis + apiKey). Check the Authorization Section above for more details.
Main Request Parameters:
Parameters | Type | Comments |
---|---|---|
customerId (required) | int | CustomerKey for your account |
id (required) | Int | ID of your SAML IdP |
Sample Code for Request:
In the following code, just replace <YOUR_CUSTOMER_KEY>
, <ID>
, <AUTHORIZATION>
and <TIMESTAMP>
with the respective values
- cURL
- Java
- PHP
curl --location --request DELETE 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>' \
--header 'Authorization: <AUTHROIZATION>' \
--header 'Customer-Key: <YOUR_CUSTOMER_KEY>' \
--header 'Timestamp: <TIMESTAMP>'
OkHttpClient client = new OkHttpClient().newBuilder().build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
.url("http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>")
.method("DELETE", body)
.addHeader("Authorization", "<AUTHROIZATION>")
.addHeader("Customer-Key", "<YOUR_CUSTOMER_KEY>")
.addHeader("Timestamp", "<TIMESTAMP>")
.build();
Response response = client.newCall(request).execute();
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'http://login.xecurify.com/api/v1/idp/saml/<YOUR_CUSTOMER_KEY>/<ID>',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'DELETE',
CURLOPT_HTTPHEADER => array(
'Authorization: <AUTHROIZATION>',
'Customer-Key: <YOUR_CUSTOMER_KEY>',
'Timestamp: <TIMESTAMP>'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Example Request:
https://login.xecurify.com/api/v1/idp/saml/12312/93
Example Response:
{
"customerId": 12312,
"status": "SUCCESS",
"message": "Identity deleted successfully",
}