SAML endpoints

Use the SAML endpoints to configure SAML and retrieve SAML configuration details. You can also use the GET /v1/saml/meta endpoint to get the public certificate and URLs needed for configuration.

PUT /saml

Configure SAML. When changing SAML settings, you must specify all of the required settings in the PUT request, including required settings whose values are not changing. You do not need to specify optional settings unless you are changing them.

Request format

Accepts SAML connection settings. See the SAML configuration reference for the complete list of settings.

Response format

Returns a "201" code if the settings are new and includes the new settings in the payload.

Returns a "200 OK" code if the settings have been updated and set.

Returns a "403" code if the user lacks the directory_service:edit:* permission.

GET /saml

Retrieves the currently configured SAML configuration.

Response format

Returns a 200 code with the SAML configuration when SAML is configured and the user is authorized. See the SAML configuration reference for the complete list of settings.

Returns a 404 code if the SAML data is not configured.

DELETE /saml

Remove the existing SAML configuration.

Response format

Returns "204 no content" code if the SAML configuration is removed correctly.

Returns a "404 not found" code if the SAML configuration is not set prior to making the request.

Returns a "403" code if the user lacks the directory_service:edit:* permission.

GET /v1/saml/meta

Retrieve the public SAML certificate and URLs needed to configure an identity provider.

Configure your identity provider with these key values. After it's configured, your identity provider supplies the required values for configuring SAML in PE. This information is also exposed in the console on the SSO tab.

Response format

This endpoint returns a "200 OK" response if the instance is not a replica and the certificate exists. The following keys are returned:

Key     Definition
meta    A URL to the public metadata endpoint for the SAML service provider. Some IdP configurations also require this URL in the "entity-id" and/or "audience restriction" fields.
slo     A URL to the public logout service for SAML.
acs     A URL to the public assertion service for SAML.
cert    A string representing the public SAML certificate.

For example:
{
   "meta": "https://localhost/saml/v1/meta",
   "acs": "https://localhost/saml/v1/acs",
   "slo": "https://localhost/saml/v1/slo",
   "cert": "-----BEGIN CERTIFICATE-----\nMIIFo ..."
}

Error response

The endpoint returns a "404 not found" error if the SAML key entries are not present in the configuration, or the public key file does not exist.
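
Added example (not part of the original documentation or of PE itself): a check to run on a GET /v1/saml/meta response before copying its values into an identity provider. It confirms the four documented keys are present, requires absolute https URLs, and computes a SHA-256 fingerprint of the certificate for comparison with what the IdP displays after upload. The function name, the https requirement, the host pe.example.test, and the sample response are assumptions constructed for this example.

```python
import base64
import hashlib
import json
from urllib.parse import urlsplit

REQUIRED_KEYS = ("meta", "acs", "slo", "cert")  # keys listed in the table above
PEM_HEAD = "-----BEGIN CERTIFICATE-----"
PEM_TAIL = "-----END CERTIFICATE-----"


def check_saml_meta(body: str) -> dict:
    """Validate a /v1/saml/meta response body; return URLs plus cert fingerprint."""
    doc = json.loads(body)
    missing = [k for k in REQUIRED_KEYS if k not in doc]
    if missing:
        raise ValueError(f"missing keys: {missing}")
    # The IdP sends assertions and logout messages to these URLs, so refuse
    # anything that is not an absolute https URL (a check this example assumes).
    for key in ("meta", "acs", "slo"):
        parts = urlsplit(doc[key])
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{key} is not an absolute https URL: {doc[key]!r}")
    # Decode the PEM body to DER and fingerprint it, so the value can be
    # compared with the fingerprint the IdP shows for the uploaded certificate.
    pem = doc["cert"].strip()
    if not (pem.startswith(PEM_HEAD) and pem.endswith(PEM_TAIL)):
        raise ValueError("cert is not a PEM certificate")
    b64 = "".join(pem[len(PEM_HEAD):-len(PEM_TAIL)].split())
    der = base64.b64decode(b64, validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return {"meta": doc["meta"], "acs": doc["acs"], "slo": doc["slo"],
            "cert_sha256": fingerprint}


# Constructed sample response: the cert body is placeholder bytes, not a real
# X.509 certificate, so only the PEM framing and hashing are exercised.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE = json.dumps({
    "meta": "https://pe.example.test/saml/v1/meta",
    "acs": "https://pe.example.test/saml/v1/acs",
    "slo": "https://pe.example.test/saml/v1/slo",
    "cert": PEM_HEAD + "\n" + base64.b64encode(SAMPLE_DER).decode() + "\n" + PEM_TAIL,
})

if __name__ == "__main__":
    print(check_saml_meta(SAMPLE))
```

A truncated certificate string, such as the elided one in the example response above, fails the PEM check and raises ValueError.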