Web API: saml2: Difference between revisions

From QPR ProcessAnalyzer Wiki

Latest revision as of 23:39, 17 February 2022

The Saml2 method returns the SAML 2.0 service provider (SP) metadata. No authentication is required to fetch the metadata. Usually the service provider metadata URL is configured in the identity provider (IdP), which can then read from it, for example, the public encryption keys it needs.

Url: GET qprpa/api/saml2
attachment; filename="customer.onqpr.com_qprpa_Saml2.xml"
Content-Type: application/samlmetadata+xml

Example:

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" cacheDuration="PT1H" entityID="https://customer.onqpr.com/qprpa/Saml2" ID="_76ac281969e84420924d4e25d22b7c4e">
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
         <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
         <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
         <Reference URI="...">
            <Transforms>
               <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <DigestValue>...</DigestValue>
         </Reference>
      </SignedInfo>
      <SignatureValue>...</SignatureValue>
      <KeyInfo>
         <X509Data>
            <X509Certificate>...</X509Certificate>
         </X509Data>
      </KeyInfo>
   </Signature>
   <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <KeyDescriptor use="signing">
         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <X509Data>
               <X509Certificate>...</X509Certificate>
            </X509Data>
         </KeyInfo>
      </KeyDescriptor>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://customer.onqpr.com/QPRPA/Saml2/Logout" />
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://customer.onqpr.com/QPRPA/Saml2/Acs" isDefault="true" index="0" />
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://customer.onqpr.com/QPRPA/Saml2/Acs" isDefault="false" index="1" />
   </SPSSODescriptor>
</EntityDescriptor>
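
Added example, not part of the original wiki page or of QPR's code: since the metadata is served without authentication, it is worth reviewing what it declares before registering it at the IdP. The Python sketch below parses SP metadata shaped like the example above and reports its endpoints and signing flags; the function name review_sp_metadata and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample modelled on the example above (signature and certificate omitted).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://customer.onqpr.com/qprpa/Saml2" ID="_constructed">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://customer.onqpr.com/QPRPA/Saml2/Logout"/>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://customer.onqpr.com/QPRPA/Saml2/Acs" isDefault="true" index="0"/>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://customer.onqpr.com/QPRPA/Saml2/Acs" isDefault="false" index="1"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def review_sp_metadata(xml_text):
    """Return (summary, findings) for one SP EntityDescriptor."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 SP metadata")
    entity_host = urlsplit(root.get("entityID", "")).hostname
    endpoints = [(e.tag.split("}")[1], e.get("Binding").rsplit(":", 1)[1], e.get("Location"))
                 for e in sp if e.get("Location")]
    findings = []
    for flag in ("AuthnRequestsSigned", "WantAssertionsSigned"):
        if sp.get(flag, "false") not in ("true", "1"):  # both default to false
            findings.append(flag + " is not true")
    for kind, _, loc in endpoints:
        url = urlsplit(loc)
        if url.scheme != "https":
            findings.append(kind + " is not HTTPS: " + loc)
        if url.hostname != entity_host:
            findings.append(kind + " host differs from entityID host: " + loc)
    # "signed" only records that a Signature element is present; it is not verified here.
    summary = {"entityID": root.get("entityID"), "endpoints": endpoints,
               "signed": root.find("ds:Signature", NS) is not None,
               "signing_keys": len(sp.findall("md:KeyDescriptor[@use='signing']", NS))}
    return summary, findings

if __name__ == "__main__":
    summary, findings = review_sp_metadata(SAMPLE)
    print(summary["entityID"], *summary["endpoints"], *findings, sep="\n")
```

With both flags false, as in the example above, the SP neither signs its AuthnRequests nor requires signed assertions, so the review should confirm at the IdP how responses are signed.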