Finalize a SAML Request and get the response.

POST 
/v2/saml/saml_requests/:samlRequestId

Finalize a SAML Request and get the response definition for success or failure. The response must be handled as per the SAML definition to inform the application about the success or failure. On success, the response contains details for the application to obtain the SAMLResponse. This method can only be called once for an SAML request.

Request

Path Parameters

samlRequestId stringrequired

ID of the SAML Request.

application/json

Body

required

session

object

sessionId string

Possible values: non-empty and <= 200 characters

ID of the session, used to login the user. Connects the session to the SAML Request.

sessionToken string

Possible values: non-empty and <= 200 characters

Token to verify the session is valid.

error

object

Set this field when the authorization flow failed. It creates a response depending on the SP, with the error details set.

error string

Possible values: [ERROR_REASON_UNSPECIFIED, ERROR_REASON_VERSION_MISSMATCH, ERROR_REASON_AUTH_N_FAILED, ERROR_REASON_INVALID_ATTR_NAME_OR_VALUE, ERROR_REASON_INVALID_NAMEID_POLICY, ERROR_REASON_REQUEST_DENIED, ERROR_REASON_REQUEST_UNSUPPORTED, ERROR_REASON_UNSUPPORTED_BINDING]

Default value: ERROR_REASON_UNSPECIFIED

errorDescription string

application/grpc

Body

required

session

object

sessionId string

Possible values: non-empty and <= 200 characters

ID of the session, used to login the user. Connects the session to the SAML Request.

sessionToken string

Possible values: non-empty and <= 200 characters

Token to verify the session is valid.

error

object

Set this field when the authorization flow failed. It creates a response depending on the SP, with the error details set.

error string

Possible values: [ERROR_REASON_UNSPECIFIED, ERROR_REASON_VERSION_MISSMATCH, ERROR_REASON_AUTH_N_FAILED, ERROR_REASON_INVALID_ATTR_NAME_OR_VALUE, ERROR_REASON_INVALID_NAMEID_POLICY, ERROR_REASON_REQUEST_DENIED, ERROR_REASON_REQUEST_UNSUPPORTED, ERROR_REASON_UNSUPPORTED_BINDING]

Default value: ERROR_REASON_UNSPECIFIED

errorDescription string

application/grpc-web+proto

Body

required

session

object

sessionId string

Possible values: non-empty and <= 200 characters

ID of the session, used to login the user. Connects the session to the SAML Request.

sessionToken string

Possible values: non-empty and <= 200 characters

Token to verify the session is valid.

error

object

Set this field when the authorization flow failed. It creates a response depending on the SP, with the error details set.

error string

Possible values: [ERROR_REASON_UNSPECIFIED, ERROR_REASON_VERSION_MISSMATCH, ERROR_REASON_AUTH_N_FAILED, ERROR_REASON_INVALID_ATTR_NAME_OR_VALUE, ERROR_REASON_INVALID_NAMEID_POLICY, ERROR_REASON_REQUEST_DENIED, ERROR_REASON_REQUEST_UNSUPPORTED, ERROR_REASON_UNSUPPORTED_BINDING]

Default value: ERROR_REASON_UNSPECIFIED

errorDescription string

Responses

200

OK

application/json

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)
url string

URL including the Assertion Consumer Service where the user should be redirected or has to call per POST, depending on the binding. Contains details for the application to obtain the response on success, or error details on failure. Note that this field must be treated as credentials, as the contained SAMLResponse or code can be used on behalve of the user.

redirect object

Set if the binding is Redirect-Binding, where the user can directly be redirected to the application, using a "302 FOUND" status to the URL.

post

object

Set if the binding is POST-Binding, where the application expects to be called per HTTP POST with the SAMLResponse and RelayState in the form body.

relayState string

samlResponse string

Example (from schema)

{
  "details": {
    "sequence": "2",
    "changeDate": "2025-02-05T15:42:36.528Z",
    "resourceOwner": "69629023906488334"
  },
  "url": "https://client.example.org/cb",
  "redirect": {},
  "post": {
    "relayState": "string",
    "samlResponse": "string"
  }
}

application/grpc

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)
url string

URL including the Assertion Consumer Service where the user should be redirected or has to call per POST, depending on the binding. Contains details for the application to obtain the response on success, or error details on failure. Note that this field must be treated as credentials, as the contained SAMLResponse or code can be used on behalve of the user.

redirect object

Set if the binding is Redirect-Binding, where the user can directly be redirected to the application, using a "302 FOUND" status to the URL.

post

object

Set if the binding is POST-Binding, where the application expects to be called per HTTP POST with the SAMLResponse and RelayState in the form body.

relayState string

samlResponse string

Example (from schema)

{
  "details": {
    "sequence": "2",
    "changeDate": "2025-02-05T15:42:36.529Z",
    "resourceOwner": "69629023906488334"
  },
  "url": "https://client.example.org/cb",
  "redirect": {},
  "post": {
    "relayState": "string",
    "samlResponse": "string"
  }
}

application/grpc-web+proto

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)
url string

URL including the Assertion Consumer Service where the user should be redirected or has to call per POST, depending on the binding. Contains details for the application to obtain the response on success, or error details on failure. Note that this field must be treated as credentials, as the contained SAMLResponse or code can be used on behalve of the user.

redirect object

Set if the binding is Redirect-Binding, where the user can directly be redirected to the application, using a "302 FOUND" status to the URL.

post

object

Set if the binding is POST-Binding, where the application expects to be called per HTTP POST with the SAMLResponse and RelayState in the form body.

relayState string

samlResponse string

Example (from schema)

{
  "details": {
    "sequence": "2",
    "changeDate": "2025-02-05T15:42:36.529Z",
    "resourceOwner": "69629023906488334"
  },
  "url": "https://client.example.org/cb",
  "redirect": {},
  "post": {
    "relayState": "string",
    "samlResponse": "string"
  }
}

403

Returned when the user does not have permission to access the resource.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

404

Returned when the resource does not exist.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

default

An unexpected error response.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Loading...