PUT /ssoSettings
Use this method to modify the client settings when an external SAML 2.0 identity provider is used for authentication. The identity provider must be Microsoft Active Directory Federation Services (AD FS) and must reside on a server that is connected to the management network.
Authentication
Authentication with username and password is required.
Request URL
PUT https://{management_server_IP}/ssoSettings
Query parameters
None
Request body
Attributes | Required / Optional | Type | Description |
---|---|---|---|
samlEnabled | Optional | Boolean | Indicates whether a SAML identity provider is used for authentication. This can be one of the following values. |
spMetadataAttributes | Optional | Object | Information about the SAML service provider metadata. |
entityId | Required | String | The service provider base URL, used as the unique identifier of the service provider. |
signMetadata | Required | Boolean | Indicates whether the generated metadata is digitally signed. This can be one of the following values. |
signingAlgorithm | Required | String | The algorithm that is used to create the digital signature on the metadata object. This can be the following value: |
signAuthenticationRequests | Required | Boolean | Indicates whether authentication requests are signed. This can be one of the following values. |
requireSignedAuthenticationResponse | Required | Boolean | Indicates whether authentication responses are signed. This can be one of the following values. |
requireSignedArtifactResolution | Required | Boolean | Indicates whether the signing of artifact resolution requests sent to the remote identity providers is enabled. This can be one of the following values: |
idpMetadata | Optional | String | SAML identity provider metadata that was retrieved from AD FS. |
The following example modifies an external SAML 2.0 identity provider client.
{
  "samlEnabled": true,
  "spMetadataParameters": {
    "entityId": "10.243.2.124",
    "signMetadata": true,
    "signingAlgorithm": "sha1",
    "signAuthenticationRequests": true,
    "requireSignedAuthenticationResponse": true,
    "requireSignedArtifactResolution": true
  },
  "idpMetadata": "IDP metadata xml"
}
Response codes
Code | Description | Comments |
---|---|---|
200 | OK | The request completed successfully. |
400 | Bad Request | A query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body. |
409 | Conflict | There is a conflict with the current state of the resource. A descriptive error message is returned in the response body. |
500 | Internal Server Error | An internal error occurred. A descriptive error message is returned in the response body. |
Response body
Attributes | Type | Description |
---|---|---|
result | String | Results of the request. This can be one of the following values. |
messages | Array of objects | Information about one or more messages |
id | String | Message identifier of a returned message |
text | String | Message text associated with the message identifier |
explanation | String | Additional information to clarify the reason for the message |
recovery | Array of objects | Recovery information |
text | String | User actions that can be taken to recover from the event |
URL | String | Link to the help system for more information, if available |
The following example is returned if the request is not successful.
{
  "result": "failure",
  "messages": [{
    "explanation": "The request to change the SAML configuration could not complete for an unknown reason.",
    "id": "FQXHMSE0611J",
    "recovery": {
      "text": "Specify valid parameters on the request and try the request again. If the problem persists, contact Support.",
      "URL": ""
    },
    "text": "The request to change the SAML configuration could not be completed successfully."
  }]
}
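The following added example (not part of the original documentation or the product's own code) is a Python pre-flight check for a PUT /ssoSettings request body, plus a parser for the response body. It assumes that either spMetadataAttributes or spMetadataParameters may name the service provider object, because the page uses both, and that recovery may arrive as an object or an array; the function names and SAMPLE_BODY are constructed for illustration.

```python
import json

# Required members of the service-provider object and their types (request table).
SP_FIELDS = {
    "entityId": str, "signingAlgorithm": str, "signMetadata": bool,
    "signAuthenticationRequests": bool, "requireSignedArtifactResolution": bool,
    "requireSignedAuthenticationResponse": bool,
}
# The table calls the object spMetadataAttributes, the sample body calls it
# spMetadataParameters; accepting both names is an assumption of this example.
SP_KEYS = ("spMetadataAttributes", "spMetadataParameters")


def check_sso_body(body):
    """Return (errors, warnings) for a PUT /ssoSettings request body (a dict)."""
    errors, warnings = [], []
    for key, typ in (("samlEnabled", bool), ("idpMetadata", str)):
        if key in body and not isinstance(body[key], typ):
            errors.append(f"{key}: expected {typ.__name__}")
    sp = next((body[k] for k in SP_KEYS if k in body), None)
    if sp is None:  # the object itself is optional
        return errors, warnings
    if not isinstance(sp, dict):
        return errors + ["service-provider metadata: expected object"], warnings
    for key, typ in SP_FIELDS.items():
        if key not in sp:
            errors.append(f"{key}: required attribute is missing")
        elif not isinstance(sp[key], typ):
            errors.append(f"{key}: expected {typ.__name__}")
        elif sp[key] is False:
            warnings.append(f"{key}: signature protection is switched off")
    return errors, warnings


def summarize_response(text):
    """Return (result, [(id, text, [recovery text, ...]), ...]) from a response body."""
    doc = json.loads(text)
    out = []
    for msg in doc.get("messages", []):
        rec = msg.get("recovery") or []
        rec = [rec] if isinstance(rec, dict) else rec  # table: array; sample: object
        out.append((msg.get("id"), msg.get("text"), [r.get("text") for r in rec]))
    return doc.get("result"), out


# Constructed sample body: three required members missing, one check disabled.
SAMPLE_BODY = {"samlEnabled": True, "spMetadataParameters": {
    "entityId": "10.243.2.124", "signMetadata": True,
    "requireSignedAuthenticationResponse": False}}
print(check_sso_body(SAMPLE_BODY))
```

Run the check before sending the request so that a body with missing required attributes or disabled signature checks is caught locally rather than by a 400 response or, worse, accepted.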