SAML Federation API, REST: Federation.Create
Creates a federation in the specified organization.
HTTP request
POST https://organization-manager.api.cloud.yandex.net/organization-manager/v1/saml/federations
Body parameters
{
"organizationId": "string",
"name": "string",
"description": "string",
"cookieMaxAge": "string",
"autoCreateAccountOnLogin": "boolean",
"issuer": "string",
"ssoBinding": "string",
"ssoUrl": "string",
"securitySettings": {
"encryptedAssertions": "boolean",
"forceAuthn": "boolean"
},
"caseInsensitiveNameIds": "boolean",
"labels": "string"
}
Field |
Description |
organizationId |
string ID of the organization to create a federation in. |
name |
string Name of the federation. |
description |
string Description of the federation. |
cookieMaxAge |
string (duration) Browser cookie lifetime in seconds. |
autoCreateAccountOnLogin |
boolean Add new users automatically on successful authentication. If the value is |
issuer |
string Required field. ID of the IdP server to be used for authentication. |
ssoBinding |
enum (BindingType) Single sign-on endpoint binding type. Most Identity Providers support the SAML Binding is a mapping of a SAML protocol message onto standard messaging
|
ssoUrl |
string Required field. Single sign-on endpoint URL. |
securitySettings |
Federation security settings. |
caseInsensitiveNameIds |
boolean Use case insensitive Name IDs. |
labels |
string Resource labels as |
FederationSecuritySettings
Federation security settings.
Field |
Description |
encryptedAssertions |
boolean Enable encrypted assertions. |
forceAuthn |
boolean Value parameter ForceAuthn in SAMLRequest. |
Response
HTTP Code: 200 - OK
{
"id": "string",
"description": "string",
"createdAt": "string",
"createdBy": "string",
"modifiedAt": "string",
"done": "boolean",
"metadata": {
"federationId": "string"
},
// Includes only one of the fields `error`, `response`
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"response": {
"id": "string",
"organizationId": "string",
"name": "string",
"description": "string",
"createdAt": "string",
"cookieMaxAge": "string",
"autoCreateAccountOnLogin": "boolean",
"issuer": "string",
"ssoBinding": "string",
"ssoUrl": "string",
"securitySettings": {
"encryptedAssertions": "boolean",
"forceAuthn": "boolean"
},
"caseInsensitiveNameIds": "boolean",
"labels": "string"
}
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
Field |
Description |
id |
string ID of the operation. |
description |
string Description of the operation. 0-256 characters long. |
createdAt |
string (date-time) Creation timestamp. String in RFC3339 To work with values in this field, use the APIs described in the |
createdBy |
string ID of the user or service account who initiated the operation. |
modifiedAt |
string (date-time) The time when the Operation resource was last modified. String in RFC3339 To work with values in this field, use the APIs described in the |
done |
boolean If the value is |
metadata |
Service-specific metadata associated with the operation. |
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
response |
The normal response of the operation in case of success. Includes only one of the fields The operation result. |
CreateFederationMetadata
Field |
Description |
federationId |
string ID of the federation that is being created. |
Status
The error result of the operation in case of failure or cancellation.
Field |
Description |
code |
integer (int32) Error code. An enum value of google.rpc.Code |
message |
string An error message. |
details[] |
object A list of messages that carry the error details. |
Federation
A federation.
For more information, see SAML-compatible identity federations.
Field |
Description |
id |
string Required field. ID of the federation. |
organizationId |
string ID of the organization that the federation belongs to. |
name |
string Required field. Name of the federation. |
description |
string Description of the federation. |
createdAt |
string (date-time) Creation timestamp. String in RFC3339 To work with values in this field, use the APIs described in the |
cookieMaxAge |
string (duration) Browser cookie lifetime in seconds. |
autoCreateAccountOnLogin |
boolean Add new users automatically on successful authentication. If the value is |
issuer |
string Required field. ID of the IdP server to be used for authentication. |
ssoBinding |
enum (BindingType) Single sign-on endpoint binding type. Most Identity Providers support the SAML Binding is a mapping of a SAML protocol message onto standard messaging
|
ssoUrl |
string Required field. Single sign-on endpoint URL. |
securitySettings |
Federation security settings. |
caseInsensitiveNameIds |
boolean Use case insensitive Name IDs. |
labels |
string Resource labels as |
FederationSecuritySettings
Federation security settings.
Field |
Description |
encryptedAssertions |
boolean Enable encrypted assertions. |
forceAuthn |
boolean Value parameter ForceAuthn in SAMLRequest. |