SAML Federation API, REST: Federation.Create

Field

Description

organizationId

string

Required field. ID of the organization to create a federation in.
To get the organization ID, make a yandex.cloud.organizationmanager.v1.OrganizationService.List request.

The maximum string length in characters is 50.

name

string

Required field. Name of the federation.
The name must be unique within the organization.

Value must match the regular expression [a-z]([-a-z0-9]{0,61}[a-z0-9])?.

description

string

Description of the federation.

The maximum string length in characters is 256.

cookieMaxAge

string (duration)

Browser cookie lifetime in seconds.
If the cookie is still valid, the management console
authenticates the user immediately and redirects them to the home page.
The default value is 8h.

autoCreateAccountOnLogin

boolean

Add new users automatically on successful authentication.
The user becomes member of the organization automatically,
but you need to grant other roles to them.
If the value is false, users who aren't added to the organization
can't log in, even if they have authenticated on your server.

issuer

string

Required field. ID of the IdP server to be used for authentication.
The IdP server also responds to IAM with this ID after the user authenticates.

The maximum string length in characters is 8000.

ssoBinding

enum (BindingType)

Required field. Single sign-on endpoint binding type. Most Identity Providers support the POST binding type.
SAML Binding is a mapping of a SAML protocol message onto standard messaging
formats and/or communications protocols.

• POST: HTTP POST binding.
• REDIRECT: HTTP redirect binding.
• ARTIFACT: HTTP artifact binding.

ssoUrl

string

Required field. Single sign-on endpoint URL.
Specify the link to the IdP login page here.

The maximum string length in characters is 8000.

securitySettings

FederationSecuritySettings

Federation security settings.

caseInsensitiveNameIds

boolean

Use case insensitive Name IDs.

labels

object (map<string, string>)

Resource labels as key:value pairs.

The maximum string length in characters for each value is 63. The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_0-9a-z]*. Each value must match the regular expression [-_0-9a-z]*. No more than 64 per resource.

Field

Description

encryptedAssertions

boolean

Enable encrypted assertions.

forceAuthn

boolean

Value parameter ForceAuthn in SAMLRequest.

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

createdBy

string

ID of the user or service account who initiated the operation.

modifiedAt

string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

done

boolean

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

object

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

object

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

Field

Description

code

integer (int32)

Error code. An enum value of google.rpc.Code.

message

string

An error message.

details[]

object

A list of messages that carry the error details.