Web API: saml2: Difference between revisions
Jump to navigation
Jump to search
(Created page with "'''Saml2''' returns the SAML 2.0 service provide metadata. No authentication is required. <pre> Url: GET /api/saml2 attachment; filename="customer.onqpr.com_qprpa_Saml2.xml"...") |
No edit summary |
||
| (10 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
'''Saml2''' returns the SAML 2.0 service | '''Saml2''' method returns the SAML 2.0 service provider (SP) metadata. No authentication is required to fetch the metadata. Usually the service provider metadata url is configured to the identity provider (IdP), which can then read, e.g., the needed public encryption keys. | ||
<pre> | <pre> | ||
Url: GET / | Url: GET qprpa/Saml2 | ||
attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" | attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" | ||
Content-Type: application/samlmetadata+xml | Content-Type: application/samlmetadata+xml | ||
</pre> | </pre> | ||
Example (signature and certificate data has been removed): | |||
<syntaxhighlight lang="xml" line> | |||
<EntityDescriptor cacheDuration="PT1H" entityID="https://customer.onqpr.com/qprpa/Saml2" | |||
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" | |||
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4118a865e1ba413d8dbc4a881b95bddf"> | |||
<Signature | |||
xmlns="http://www.w3.org/2000/09/xmldsig#"> | |||
<SignedInfo> | |||
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> | |||
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> | |||
<Reference URI="#_4118a865e1ba413d8dbc4a881b95bddf"> | |||
<Transforms> | |||
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> | |||
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> | |||
</Transforms> | |||
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> | |||
<DigestValue>QPTQljwZYbaPCQ3PAZ55PIWiXGT4Z20hlMmzauejUYM=</DigestValue> | |||
</Reference> | |||
</SignedInfo> | |||
<SignatureValue>...</SignatureValue> | |||
<KeyInfo> | |||
<X509Data> | |||
<X509Certificate>...</X509Certificate> | |||
</X509Data> | |||
</KeyInfo> | |||
</Signature> | |||
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> | |||
<KeyDescriptor use="signing"> | |||
<KeyInfo | |||
xmlns="http://www.w3.org/2000/09/xmldsig#"> | |||
<X509Data> | |||
<X509Certificate>...</X509Certificate> | |||
</X509Data> | |||
</KeyInfo> | |||
</KeyDescriptor> | |||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://customer.onqpr.com/qprpa/Saml2/Logout" /> | |||
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://customer.onqpr.com/qprpa/Saml2/Acs" isDefault="true" index="0" /> | |||
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://customer.onqpr.com/qprpa/Saml2/Acs" isDefault="false" index="1" /> | |||
</SPSSODescriptor> | |||
</EntityDescriptor> | |||
</syntaxhighlight> | |||
Latest revision as of 19:41, 18 March 2025
Saml2 method returns the SAML 2.0 service provider (SP) metadata. No authentication is required to fetch the metadata. Usually the service provider metadata url is configured to the identity provider (IdP), which can then read, e.g., the needed public encryption keys.
Url: GET qprpa/Saml2 attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" Content-Type: application/samlmetadata+xml
Example (signature and certificate data has been removed):
<EntityDescriptor cacheDuration="PT1H" entityID="https://customer.onqpr.com/qprpa/Saml2"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4118a865e1ba413d8dbc4a881b95bddf">
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#_4118a865e1ba413d8dbc4a881b95bddf">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>QPTQljwZYbaPCQ3PAZ55PIWiXGT4Z20hlMmzauejUYM=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://customer.onqpr.com/qprpa/Saml2/Logout" />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://customer.onqpr.com/qprpa/Saml2/Acs" isDefault="true" index="0" />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://customer.onqpr.com/qprpa/Saml2/Acs" isDefault="false" index="1" />
</SPSSODescriptor>
</EntityDescriptor>