Web API: saml2: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 2: | Line 2: | ||
<pre> | <pre> | ||
Url: GET qprpa/ | Url: GET qprpa/Saml2 | ||
attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" | attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" | ||
Content-Type: application/samlmetadata+xml | Content-Type: application/samlmetadata+xml | ||
</pre> | </pre> | ||
Example: | Example (signature and certificate data has been removed): | ||
< | <syntaxhighlight lang="xml" line> | ||
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0: | <EntityDescriptor cacheDuration="PT1H" entityID="https://customer.onqpr.com/qprpa/Saml2" | ||
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" | |||
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4118a865e1ba413d8dbc4a881b95bddf"> | |||
<Signature | |||
xmlns="http://www.w3.org/2000/09/xmldsig#"> | |||
<SignedInfo> | |||
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> | |||
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> | |||
<Reference URI="#_4118a865e1ba413d8dbc4a881b95bddf"> | |||
<Transforms> | |||
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> | |||
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> | |||
</Transforms> | |||
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> | |||
<DigestValue>QPTQljwZYbaPCQ3PAZ55PIWiXGT4Z20hlMmzauejUYM=</DigestValue> | |||
</Reference> | |||
</SignedInfo> | |||
<SignatureValue>...</SignatureValue> | |||
<KeyInfo> | |||
<X509Data> | |||
<X509Certificate>...</X509Certificate> | |||
</X509Data> | |||
</KeyInfo> | |||
</Signature> | |||
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> | |||
<KeyDescriptor use="signing"> | |||
<KeyInfo | |||
xmlns="http://www.w3.org/2000/09/xmldsig#"> | |||
<X509Data> | |||
<X509Certificate>...</X509Certificate> | |||
</X509Data> | |||
</KeyInfo> | |||
</KeyDescriptor> | |||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://customer.onqpr.com/qprpa/Saml2/Logout" /> | |||
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://customer.onqpr.com/qprpa/Saml2/Acs" isDefault="true" index="0" /> | |||
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://customer.onqpr.com/qprpa/Saml2/Acs" isDefault="false" index="1" /> | |||
</SPSSODescriptor> | |||
</EntityDescriptor> | </EntityDescriptor> | ||
</ | </syntaxhighlight> | ||
Latest revision as of 19:41, 18 March 2025
Saml2 method returns the SAML 2.0 service provider (SP) metadata. No authentication is required to fetch the metadata. Usually the service provider metadata url is configured to the identity provider (IdP), which can then read, e.g., the needed public encryption keys.
Url: GET qprpa/Saml2 attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" Content-Type: application/samlmetadata+xml
Example (signature and certificate data has been removed):
<EntityDescriptor cacheDuration="PT1H" entityID="https://customer.onqpr.com/qprpa/Saml2"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4118a865e1ba413d8dbc4a881b95bddf">
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#_4118a865e1ba413d8dbc4a881b95bddf">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>QPTQljwZYbaPCQ3PAZ55PIWiXGT4Z20hlMmzauejUYM=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://customer.onqpr.com/qprpa/Saml2/Logout" />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://customer.onqpr.com/qprpa/Saml2/Acs" isDefault="true" index="0" />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://customer.onqpr.com/qprpa/Saml2/Acs" isDefault="false" index="1" />
</SPSSODescriptor>
</EntityDescriptor>