Web API: saml2: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
'''Saml2''' returns the SAML 2.0 service | '''Saml2''' method returns the SAML 2.0 service provider (SP) metadata. No authentication is required to fetch the metadata. Usually the service provider metadata url is configured to the identity provider (IdP), which can then read, e.g., the needed public encryption keys. | ||
<pre> | <pre> | ||
Url: GET /api/saml2 | Url: GET qprpa/api/saml2 | ||
attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" | attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" | ||
Content-Type: application/samlmetadata+xml | Content-Type: application/samlmetadata+xml | ||
| Line 14: | Line 14: | ||
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> | <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> | ||
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> | <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> | ||
<Reference URI=" | <Reference URI="..."> | ||
<Transforms> | <Transforms> | ||
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> | <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> | ||
| Line 20: | Line 20: | ||
</Transforms> | </Transforms> | ||
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> | <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> | ||
<DigestValue> | <DigestValue>...</DigestValue> | ||
</Reference> | </Reference> | ||
</SignedInfo> | </SignedInfo> | ||
<SignatureValue> | <SignatureValue>...</SignatureValue> | ||
<KeyInfo> | <KeyInfo> | ||
<X509Data> | <X509Data> | ||
Latest revision as of 23:39, 17 February 2022
Saml2 method returns the SAML 2.0 service provider (SP) metadata. No authentication is required to fetch the metadata. Usually the service provider metadata url is configured to the identity provider (IdP), which can then read, e.g., the needed public encryption keys.
Url: GET qprpa/api/saml2 attachment; filename="customer.onqpr.com_qprpa_Saml2.xml" Content-Type: application/samlmetadata+xml
Example:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" cacheDuration="PT1H" entityID="https://customer.onqpr.com/qprpa/Saml2" ID="_76ac281969e84420924d4e25d22b7c4e">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="...">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>...</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://customer.onqpr.com/QPRPA/Saml2/Logout" />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://customer.onqpr.com/QPRPA/Saml2/Acs" isDefault="true" index="0" />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://customer.onqpr.com/QPRPA/Saml2/Acs" isDefault="false" index="1" />
</SPSSODescriptor>
</EntityDescriptor>