Configure a SAML IDP to allow login to Files

Properties:

  • id (read only)
  • name - (required) A name for the SAML configuration
  • sso_target_url - The URL to the SAML IDP login page
  • fingerprint (required unless certificate provided)
  • certificate (required unless fingerprint provided)
  • allowable_clock_drift (integer, default 0) - Allowable clock drift (in seconds) between the SAML server and the provider (Files)
  • login_text - Button text for SAML login - Defaults to "Sign in with SAML"
  • instructions - Instructions for SAML login, not yet used
  • restrict_login_to_known_groups - If enabled, only members (in the SAML response) of existing SAML groups (in Files) can log in
  • attribute_mapping (required) - JSON mapping attributes in the SAML response to their corresponding Files attributes
  • group_id (read only) - ID of the internal SAML members group - This can be used to set up default workspaces and dropboxes for all SAML users of this configuration

Notes:

  • SAML login will not be displayed if the SAML configuration is not enabled
  • Either fingerprint or certificate (or both) must be provided
  • Attribute mapping is JSON - mappings are of the form "files_attr": "saml_attr"
  • Attribute mapping must contain a mapping for at least email, first_name, last_name and member_of
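The rules in the Notes above can be checked on the client before a configuration is sent. The following is an added example, not part of the Files API or its documentation: the function names are hypothetical, and it assumes the fingerprint is the colon-separated SHA-1 digest of the certificate's DER bytes, which the page does not state (the sample fingerprint is 20 bytes long, consistent with SHA-1). It also checks that, when both fingerprint and certificate are supplied, they refer to the same certificate.

```python
import base64
import hashlib
import re

# Required keys taken from the Notes above.
REQUIRED_MAPPINGS = {"email", "first_name", "last_name", "member_of"}


def cert_fingerprint(pem):
    """Colon-separated SHA-1 hex of the DER bytes (SHA-1 is an assumption)."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", pem)
    digest = hashlib.sha1(base64.b64decode(body, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2)).upper()


def validate_saml_config(cfg):
    """Return a list of problems; an empty list means the payload passes."""
    errors = []
    if not cfg.get("name"):
        errors.append("name is required")
    fp, cert = cfg.get("fingerprint"), cfg.get("certificate")
    if not fp and not cert:
        errors.append("fingerprint or certificate is required")
    if cert:
        try:
            actual = cert_fingerprint(cert)
            if fp and actual.replace(":", "") != fp.replace(":", "").upper():
                errors.append("fingerprint does not match certificate")
        except ValueError:  # binascii.Error is a ValueError subclass
            errors.append("certificate is not valid PEM/base64")
    mapping = cfg.get("attribute_mapping")
    if not isinstance(mapping, dict):
        errors.append("attribute_mapping is required")
    else:
        missing = sorted(k for k in REQUIRED_MAPPINGS if not mapping.get(k))
        if missing:
            errors.append("attribute_mapping missing: " + ", ".join(missing))
    return errors


# Constructed sample: the "certificate" wraps arbitrary bytes, not real X.509.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed sample, not a real cert").decode()
              + "\n-----END CERTIFICATE-----\n")
SAMPLE = {
    "name": "SAML Configuration",
    "fingerprint": cert_fingerprint(SAMPLE_PEM),
    "certificate": SAMPLE_PEM,
    "attribute_mapping": {"email": "email", "first_name": "given_name",
                          "last_name": "surname", "member_of": "member_of"},
}
```
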

Default workspaces and dropboxes

  • When a SAML configuration is created, a system group is also created for it (identified by group_id). All SAML users are added to this group on login, so it can be used to set default workspace and dropbox permissions through the normal group modification methods.

GET and POST

GET, PUT, DELETE

GET /api/v1/saml_configurations/1
200 OK
{
  "id": "1",
  "name": "SAML Configuration",
  "enabled": true,
  "sso_target_url": "https://shib.asperademo.com/idp/profile/SAML2/Redirect/SSO",
  "fingerprint": "3D:99:C3:51:94:94:16:EE:51:3D:28:89:6C:C2:E0:43:A8:24:EA:C2",
  "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
  "allowable_clock_drift": "0",
  "login_text": "Sign in with SAML",
  "instructions": "",
  "restrict_login_to_known_groups": false,
  "attribute_mapping": {
    "email": "email",
    "first_name": "given_name",
    "last_name": "surname",
    "member_of": "member_of"
  },
  "group_id": "5"
}
POST /api/v1/saml_configurations
{
  "enabled": true,
  "name": "SAML Configuration",
  "sso_target_url": "https://shib.asperademo.com/idp/profile/SAML2/Redirect/SSO",
  "fingerprint": "3D:99:C3:51:94:94:16:EE:51:3D:28:89:6C:C2:E0:43:A8:24:EA:C2",
  "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
  "attribute_mapping": {
    "email": "email",
    "first_name": "given_name",
    "last_name": "surname",
    "member_of": "member_of"
  }
}

201 Created
{
  "id": "5",
  "enabled": true,
  "name": "SAML Configuration",
  "sso_target_url": "https://shib.asperademo.com/idp/profile/SAML2/Redirect/SSO",
  "fingerprint": "3D:99:C3:51:94:94:16:EE:51:3D:28:89:6C:C2:E0:43:A8:24:EA:C2",
  "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
  "allowable_clock_drift": "0",
  "login_text": "Sign in with SAML",
  "instructions": "",
  "restrict_login_to_known_groups": false,
  "attribute_mapping": {
    "email": "email",
    "first_name": "given_name",
    "last_name": "surname",
    "member_of": "member_of"
  },
  "group_id": "5"
}
DELETE /api/v1/saml_configurations/1
204 No Content