SAML Authentication Configuration API v1.0.0
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
Base URLs:
Default
get__saml_{domain}
Code samples
# You can also use wget
curl -X GET https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain} \
-H 'Accept: application/json'
GET https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain} HTTP/1.1
Host: mail.example.com
Accept: application/json
const headers = {
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}', headers = headers)
print(r.json())
URL obj = new URL("https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("GET", "https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
'application/json',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
GET /saml/{domain}
Get SAML configuration for the specified domain
Used to get all or some of the SAML authentication properties for the given domain, in JSON format
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| domain | path | string | true | domain we want the configuration of |
| keys | query | string | false | comma delimited list of properties |
| raw | query | boolean | false | if true, defaults are not applied and only stored properties are returned |
Example responses
200 Response
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | SAMLProperties |
put__saml_{domain}
Code samples
# You can also use wget
curl -X PUT https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain} HTTP/1.1
Host: mail.example.com
Content-Type: application/json
Accept: application/json
const inputBody = '{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}';
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
const fetch = require('node-fetch');
const inputBody = {
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
};
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
{
method: 'PUT',
body: JSON.stringify(inputBody),
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.put 'https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.put('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}', headers = headers)
print(r.json())
URL obj = new URL("https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("PUT", "https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
'application/json',
'Accept' => 'application/json',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('PUT','https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
PUT /saml/{domain}
Updates one or more SAML configuration properties for the specified domain
Used to update specific properties of the SAML authentication configuration for the given domain
Body parameter
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| domain | path | string | true | domain we want to update |
| body | body | SAMLProperties | false | none |
Example responses
200 Response
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | SAMLProperties |
| 400 | Bad Request | error in operation | Error |
post__saml_{domain}
Code samples
# You can also use wget
curl -X POST https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain} HTTP/1.1
Host: mail.example.com
Content-Type: application/json
Accept: application/json
const inputBody = '{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}';
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
const fetch = require('node-fetch');
const inputBody = {
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
};
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
{
method: 'POST',
body: JSON.stringify(inputBody),
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.post 'https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}', headers = headers)
print(r.json())
URL obj = new URL("https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
'application/json',
'Accept' => 'application/json',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('POST','https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
POST /saml/{domain}
Imports the whole SAML configuration of a domain
Used to import the SAML configuration of a domain from a JSON or XML document, either embedded in the request, or referenced as an external URL
Body parameter
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
<?xml version="1.0" encoding="UTF-8" ?>
<SAMLProperties>
<sp.entityid>https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io</sp.entityid>
<sp.assertion_consumer_service.url>https://samlokta.demo.zextras.io/zx/auth/saml</sp.assertion_consumer_service.url>
<idp.entityid>https://zextras.okta.com/app/appID/sso/saml/metadata</idp.entityid>
<idp.single_sign_on_service.url>https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml</idp.single_sign_on_service.url>
<idp.x509cert>-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----</idp.x509cert>
<sp.x509cert>-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----</sp.x509cert>
<sp.assertion_consumer_service.binding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</sp.assertion_consumer_service.binding>
<sp.single_logout_service.url>string</sp.single_logout_service.url>
<sp.single_logout_service.binding>string</sp.single_logout_service.binding>
<sp.nameidformat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</sp.nameidformat>
<sp.privatekey>-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----</sp.privatekey>
<idp.single_sign_on_service.binding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</idp.single_sign_on_service.binding>
<idp.single_logout_service.url>https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml</idp.single_logout_service.url>
<idp.single_logout_service.response.url>string</idp.single_logout_service.response.url>
<idp.single_logout_service.binding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</idp.single_logout_service.binding>
<security.nameid_encrypted>false</security.nameid_encrypted>
<security.authnrequest_signed>false</security.authnrequest_signed>
<security.logoutrequest_signed>false</security.logoutrequest_signed>
<security.logoutresponse_signed>false</security.logoutresponse_signed>
<security.want_messages_signed>false</security.want_messages_signed>
<security.want_assertions_signed>false</security.want_assertions_signed>
<security.sign_metadata>false</security.sign_metadata>
<security.want_assertions_encrypted>false</security.want_assertions_encrypted>
<security.want_nameid_encrypted>false</security.want_nameid_encrypted>
<security.requested_authncontext>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</security.requested_authncontext>
<security.requested_authncontextcomparison>exact</security.requested_authncontextcomparison>
<security.want_xml_validation>true</security.want_xml_validation>
<security.signature_algorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</security.signature_algorithm>
<organization.name>Zextras</organization.name>
<organization.displayname>Zextras</organization.displayname>
<organization.url>https://zextras.com</organization.url>
<organization.lang>en</organization.lang>
<contacts.technical.given_name>OneGuy</contacts.technical.given_name>
<contacts.technical.email_address>oneguy@zextras.com</contacts.technical.email_address>
<contacts.support.given_name>OneGuy</contacts.support.given_name>
<contacts.support.email_address>oneguy@zextras.com</contacts.support.email_address>
</SAMLProperties>
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| domain | path | string | true | domain we want to update |
| url | query | string | false | url to fetch the JSON or XML document from, instead of the request body |
| allowUnsecure | query | boolean | false | if true and url is used, allow fetching from sites with and invalid (or self-signed) SSL certificates |
| validate | query | boolean | false | if true properties are validated before storing |
| body | body | SAMLProperties | false | none |
Example responses
200 Response
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | SAMLProperties |
| 400 | Bad Request | error in operation | Error |
delete__saml_{domain}
Code samples
# You can also use wget
curl -X DELETE https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain} \
-H 'Accept: application/json'
DELETE https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain} HTTP/1.1
Host: mail.example.com
Accept: application/json
const headers = {
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.delete 'https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.delete('https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}', headers = headers)
print(r.json())
URL obj = new URL("https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("DELETE", "https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
'application/json',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('DELETE','https://mail.example.com/service/extension/zextras_admin/auth/saml/{domain}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
DELETE /saml/{domain}
Deletes one or more SAML configuration properties for the specified domain
Used to remove specific properties (or all of them) of the SAML authentication configuration for the given domain
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| domain | path | string | true | domain we want to remove properties from |
| keys | query | string | false | comma delimited list of properties to remove, if missing all properties are deleted |
Example responses
200 Response
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | SAMLProperties |
| 400 | Bad Request | error in operation | Error |
get__saml-validate_{domain}
Code samples
# You can also use wget
curl -X GET https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain} \
-H 'Accept: application/json'
GET https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain} HTTP/1.1
Host: mail.example.com
Accept: application/json
const headers = {
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain}', headers = headers)
print(r.json())
URL obj = new URL("https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("GET", "https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
'application/json',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://mail.example.com/service/extension/zextras_admin/auth/saml-validate/{domain}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
GET /saml-validate/{domain}
Validate current SAML configuration for the specified domain
Used to validate the SAML authentication properties for the given domain
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| domain | path | string | true | domain we want to validate the configuration of |
Example responses
200 Response
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | SAMLProperties |
post__saml-validate
Code samples
# You can also use wget
curl -X POST https://mail.example.com/service/extension/zextras_admin/auth/saml-validate \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST https://mail.example.com/service/extension/zextras_admin/auth/saml-validate HTTP/1.1
Host: mail.example.com
Content-Type: application/json
Accept: application/json
const inputBody = '{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}';
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml-validate',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
const fetch = require('node-fetch');
const inputBody = {
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
};
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml-validate',
{
method: 'POST',
body: JSON.stringify(inputBody),
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.post 'https://mail.example.com/service/extension/zextras_admin/auth/saml-validate',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://mail.example.com/service/extension/zextras_admin/auth/saml-validate', headers = headers)
print(r.json())
URL obj = new URL("https://mail.example.com/service/extension/zextras_admin/auth/saml-validate");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://mail.example.com/service/extension/zextras_admin/auth/saml-validate", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
'application/json',
'Accept' => 'application/json',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('POST','https://mail.example.com/service/extension/zextras_admin/auth/saml-validate', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
POST /saml-validate
Validates a SAML configuration
Used to validate a SAML configuration document, in JSON or XML format, either embedded in the request, or referenced as an external URL
Body parameter
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
<?xml version="1.0" encoding="UTF-8" ?>
<SAMLProperties>
<sp.entityid>https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io</sp.entityid>
<sp.assertion_consumer_service.url>https://samlokta.demo.zextras.io/zx/auth/saml</sp.assertion_consumer_service.url>
<idp.entityid>https://zextras.okta.com/app/appID/sso/saml/metadata</idp.entityid>
<idp.single_sign_on_service.url>https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml</idp.single_sign_on_service.url>
<idp.x509cert>-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----</idp.x509cert>
<sp.x509cert>-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----</sp.x509cert>
<sp.assertion_consumer_service.binding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</sp.assertion_consumer_service.binding>
<sp.single_logout_service.url>string</sp.single_logout_service.url>
<sp.single_logout_service.binding>string</sp.single_logout_service.binding>
<sp.nameidformat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</sp.nameidformat>
<sp.privatekey>-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----</sp.privatekey>
<idp.single_sign_on_service.binding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</idp.single_sign_on_service.binding>
<idp.single_logout_service.url>https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml</idp.single_logout_service.url>
<idp.single_logout_service.response.url>string</idp.single_logout_service.response.url>
<idp.single_logout_service.binding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</idp.single_logout_service.binding>
<security.nameid_encrypted>false</security.nameid_encrypted>
<security.authnrequest_signed>false</security.authnrequest_signed>
<security.logoutrequest_signed>false</security.logoutrequest_signed>
<security.logoutresponse_signed>false</security.logoutresponse_signed>
<security.want_messages_signed>false</security.want_messages_signed>
<security.want_assertions_signed>false</security.want_assertions_signed>
<security.sign_metadata>false</security.sign_metadata>
<security.want_assertions_encrypted>false</security.want_assertions_encrypted>
<security.want_nameid_encrypted>false</security.want_nameid_encrypted>
<security.requested_authncontext>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</security.requested_authncontext>
<security.requested_authncontextcomparison>exact</security.requested_authncontextcomparison>
<security.want_xml_validation>true</security.want_xml_validation>
<security.signature_algorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</security.signature_algorithm>
<organization.name>Zextras</organization.name>
<organization.displayname>Zextras</organization.displayname>
<organization.url>https://zextras.com</organization.url>
<organization.lang>en</organization.lang>
<contacts.technical.given_name>OneGuy</contacts.technical.given_name>
<contacts.technical.email_address>oneguy@zextras.com</contacts.technical.email_address>
<contacts.support.given_name>OneGuy</contacts.support.given_name>
<contacts.support.email_address>oneguy@zextras.com</contacts.support.email_address>
</SAMLProperties>
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| url | query | string | false | url to fetch the JSON or XML document from, instead of the request body |
| allowUnsecure | query | boolean | false | if true and url is used, allow fetching from sites with and invalid (or self-signed) SSL certificates |
| body | body | SAMLProperties | false | none |
Example responses
200 Response
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | SAMLProperties |
| 400 | Bad Request | error in operation | Error |
post__saml-generate_{domain}
Code samples
# You can also use wget
curl -X POST https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain} \
-H 'Accept: application/json'
POST https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain} HTTP/1.1
Host: mail.example.com
Accept: application/json
const headers = {
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain}',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain}',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.post 'https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.post('https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain}', headers = headers)
print(r.json())
URL obj = new URL("https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
'application/json',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('POST','https://mail.example.com/service/extension/zextras_admin/auth/saml-generate/{domain}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
POST /saml-generate/{domain}
Generate and stores all is needed to self-sign requests to the IdP
Used to automatically generate an X509 certificate and the related private key that will be used to sign requests to the IdP
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| domain | path | string | true | domain we want to configure |
| days | query | integer | false | days of validity of the generated certificate |
| organization | query | string | false | name of the organization that will be part of the certificate subject |
| organizationalUnit | query | string | false | name of the organizational unit that will be part of the certificate subject |
| country | query | string | false | name of the country that will be part of the certificate subject |
| state | query | string | false | name of the state/province that will be part of the certificate subject |
| location | query | string | false | name of the city/town that will be part of the certificate subject |
| digest | query | string | false | Digest alghoritm used to sign messages |
| encryption | query | string | false | Encryption alghoritm (and bit size) used to encrypt messages |
Example responses
200 Response
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | SAMLProperties |
| 400 | Bad Request | error in operation | Error |
Schemas
Error
{
"ok": true,
"error": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| ok | boolean | true | none | none |
| error | string | true | none | none |
SAMLProperties
{
"sp.entityid": "https://samlokta.demo.zextras.io/zx/auth/samlMetadata?domain=demo.zextras.io",
"sp.assertion_consumer_service.url": "https://samlokta.demo.zextras.io/zx/auth/saml",
"idp.entityid": "https://zextras.okta.com/app/appID/sso/saml/metadata",
"idp.single_sign_on_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/appId/sso/saml",
"idp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.x509cert": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"sp.assertion_consumer_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"sp.single_logout_service.url": "string",
"sp.single_logout_service.binding": "string",
"sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"sp.privatekey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"idp.single_sign_on_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idp.single_logout_service.url": "https://zextras.okta.com/app/zextrassrl_zimbrassotest_1/exk1t7tdyqj35vUF6357/slo/saml",
"idp.single_logout_service.response.url": "string",
"idp.single_logout_service.binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"security.nameid_encrypted": false,
"security.authnrequest_signed": false,
"security.logoutrequest_signed": false,
"security.logoutresponse_signed": false,
"security.want_messages_signed": false,
"security.want_assertions_signed": false,
"security.sign_metadata": false,
"security.want_assertions_encrypted": false,
"security.want_nameid_encrypted": false,
"security.requested_authncontext": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
"security.requested_authncontextcomparison": "exact",
"security.want_xml_validation": true,
"security.signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
"organization.name": "Zextras",
"organization.displayname": "Zextras",
"organization.url": "https://zextras.com",
"organization.lang": "en",
"contacts.technical.given_name": "OneGuy",
"contacts.technical.email_address": "oneguy@zextras.com",
"contacts.support.given_name": "OneGuy",
"contacts.support.email_address": "oneguy@zextras.com"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| sp.entityid | string | true | none | Unique identifier for the Carbonio instance, as configured in the IdP for the carbonio instance / domain pair |
| sp.assertion_consumer_service.url | string | true | none | Carbonio endpoint where the IdP should send login / logout assertions |
| idp.entityid | string | true | none | Unique identifier of the IdP SAML configuration for this instance of Carbonio |
| idp.single_sign_on_service.url | string | true | none | IdP endpoint for Single Sign On requests |
| idp.x509cert | string | true | none | IdP X509 certificate, used to verify IdP signatures |
| sp.x509cert | string | false | none | Carbonio X509 certificate, used to sign requests to the IdP |
| sp.assertion_consumer_service.binding | string | false | none | type of requests that the IdP should send to carbonio for login / logout |
| sp.single_logout_service.url | string | false | none | not used |
| sp.single_logout_service.binding | string | false | none | not used |
| sp.nameidformat | string | false | none | format for the user name requested to the IdP, so that it matches with local account email |
| sp.privatekey | string | false | none | Carbonio X509 certificate private key, used to sign requests to the IdP |
| idp.single_sign_on_service.binding | string | false | none | Request type to send to the IdP Single Sign On endpoint |
| idp.single_logout_service.url | string | false | none | IdP Single Logout endpoint |
| idp.single_logout_service.response.url | string | false | none | not used |
| idp.single_logout_service.binding | string | false | none | Request type to send to the IdP Single Logout endpoint |
| security.nameid_encrypted | boolean | false | none | send account identifier in encrypted form |
| security.authnrequest_signed | boolean | false | none | send authentication requests with signature |
| security.logoutrequest_signed | boolean | false | none | send logout requests with signature |
| security.logoutresponse_signed | boolean | false | none | send logout response with signature |
| security.want_messages_signed | boolean | false | none | require signature from the IdP |
| security.want_assertions_signed | boolean | false | none | require signature in login / logout assertions from the IdP |
| security.sign_metadata | boolean | false | none | sign metadata response |
| security.want_assertions_encrypted | boolean | false | none | require encrypted assertions from the IdP |
| security.want_nameid_encrypted | boolean | false | none | require encrypted account identifier from the IdP |
| security.requested_authncontext | string | false | none | allows specifying the authentication context if the IdP supports more than one |
| security.requested_authncontextcomparison | string | false | none | authentication context comparison method |
| security.want_xml_validation | boolean | false | none | validates XML validity of assertions |
| security.signature_algorithm | string | false | none | encryption alghoritm to use |
| organization.name | string | false | none | Simple name of the organization |
| organization.displayname | string | false | none | Display name of the organization |
| organization.url | string | false | none | URL of the organization website |
| organization.lang | string | false | none | main language of the organization |
| contacts.technical.given_name | string | false | none | Technical contact name for the organization |
| contacts.technical.email_address | string | false | none | Technical contact email address for the organization |
| contacts.support.given_name | string | false | none | Support contact name for the organization |
| contacts.support.email_address | string | false | none | Support contact email address for the organization |
Enumerated Values
| Property | Value |
|---|---|
| sp.assertion_consumer_service.binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |