Root Schema : OrchestratorInput
Type: object
Data-Set of IDP and SP Partner
{
"type":"object",
"description":"Data-Set of IDP and SP Partner",
"properties":{
"idpPartnerInfo":{
"type":"object",
"description":"IDP Partner Info.",
"properties":{
"metadataB64":{
"type":"string",
"description":"the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, metadataURL will be used"
},
"metadataURL":{
"type":"string",
"description":"URL where the IdP metadata can be downloaded"
},
"partnerType":{
"type":"string",
"description":"<p>the type of IDP being configured:</p><ul><li>If idptype is onpremise, then the orchestrator will not attempt to connect to REST services on the remote IdP server</li><li>If idptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server</li></ul><p><b>NOTE: If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user ID. This will be sent to the remote SP partner REST service</b></p>",
"enum":[
"emailaddres",
"unspecified"
]
},
"partnerName":{
"type":"string",
"description":"the partner name to be used"
},
"tenantName":{
"type":"string",
"description":"the tenant name for this IdP in the SP Multi tenant system (if the SP is MT aware)"
},
"tenantURL":{
"type":"string",
"description":"the tenant URL path for this IdP in the SP Multi tenant system (if the SP is MT aware)"
},
"tenantKeyName":{
"type":"string",
"description":"tenant key name for IDP Partner"
},
"tenantKeyValue":{
"type":"string",
"description":"tenant key value for IDP Partner"
},
"nameIDFormat":{
"type":"string",
"description":"the NameID format used during Federation SSO",
"enum":[
"emailaddress",
"unspecified"
]
},
"ssoProfile":{
"type":"string",
"description":"the SAML 2.0 SSO profile to use",
"enum":[
"artifact",
"httppost"
]
},
"attributeLDAP":{
"type":"string",
"description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
},
"attributeSAML":{
"type":"string",
"description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
},
"faWelcomePage":{
"type":"string",
"description":"the default relay state to set, which will be used by the SP (optional)"
},
"generateNewKeys":{
"type":"string",
"description":"indicates whether or not new keys and corresponding self signed certificates should be generated by IdP for SAML operations. This will be sent to the remote SP partner REST service (optional). Also indicates if new cryptographic materials should be re-generated (true or false)",
"enum":[
"true",
"false"
]
},
"validityNewKeys":{
"type":"string",
"description":"indicates the validity in days of the self signed certificates"
},
"preverify":{
"type":"boolean",
"description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service"
},
"providerID":{
"type":"string",
"description":"the IdP's ProviderID. This will be sent to the remote SP partner REST service. succinctID: the SHA-1 hash of the IdP's ProviderID"
},
"ssoURL":{
"type":"string",
"description":"the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service"
},
"ssoSOAPURL":{
"type":"string",
"description":"the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service"
},
"logoutRequestURL":{
"type":"string",
"description":"the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutRequest. This will be sent to the remote SP partner REST service"
},
"logoutResponseURL":{
"type":"string",
"description":"the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse. This will be sent to the remote SP partner REST service"
},
"assertionConsumerURL":{
"type":"string",
"description":"the SP SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion"
},
"succinctID":{
"type":"string",
"description":"the SHA-1 hash of the IdP's ProviderID"
},
"signingCert":{
"type":"string",
"description":"the IdP Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions. This will be sent to the remote SP partner REST service"
},
"encryptionCert":{
"type":"string",
"description":"the IdP's Base64 encoded X.509 Encryption Certificate, used to encrypt SAML messages that the IdP then decrypts with the corresponding private key. This will be sent to the remote SP partner REST service"
},
"lastNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)"
},
"firstNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)"
},
"userNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)"
},
"emailAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)"
},
"staticAttrName":{
"type":"string",
"description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required"
},
"staticAttrValue":{
"type":"string",
"description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required"
},
"customAttrsStr":{
"type":"string",
"description":"indicates a list of optional attributes should be sent by the IdP (if missing, then the attribute will not be sent)"
},
"ssoMobile":{
"type":"string",
"description":"Mobile SSO for the IDP Partner"
},
"ssoChooser":{
"type":"string",
"description":"indicates whether or not SSO should be enabled",
"enum":[
"true",
"false"
]
},
"ssoFederation":{
"type":"string",
"description":"indicates whether or not SSO should be enabled",
"enum":[
"true",
"false"
]
},
"oamLogoutDoneURL":{
"type":"string",
"description":"OAM Logout for the IDP Partner"
},
"oamAdminUser":{
"type":"string",
"description":"the WLS Admin username used to issue an OAM admin command"
},
"oamAdminPassword":{
"type":"string",
"description":"the password for the WLS Admin username used to issue an OAM admin command"
},
"oamAdminHost":{
"type":"string",
"description":"the hostname where WLS Admin server is installed"
},
"oamAdminPort":{
"type":"integer",
"description":"the port where WLS Admin server is installed"
},
"adminFedInstanceType":{
"type":"string",
"description":"indicates the type of Federation partner<p>NOTE: 'facloud': represents an FA SaaS Cloud OIF server, 'onpremise': represents a customer owned Federation server</p>",
"enum":[
"facloud",
"onpremise"
]
}
}
},
"spPartnerInfo":{
"type":"object",
"description":"SP Partner Info.",
"properties":{
"metadataB64":{
"type":"string",
"description":"the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, spmetadataurl will be used"
},
"metadataURL":{
"type":"string",
"description":"URL where the SP metadata can be downloaded"
},
"partnerType":{
"type":"string",
"description":"the type of SP being configured <ul><li>If sptype is sp_manual, taleo_manual , eloqua_manual or rightnow_manual, then the orchestrator will not attempt to connect to REST services on the remote SP server</li><li>If sptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server</li></ul>"
},
"partnerName":{
"type":"string",
"description":"the partner name to be used"
},
"tenantName":{
"type":"string",
"description":"the tenant name for this IdP in the SP Multi tenant system (if the SP is MT aware)"
},
"tenantURL":{
"type":"string",
"description":"the tenant URL path for this IdP in the SP Multi tenant system (if the SP is MT aware)"
},
"tenantKeyName":{
"type":"string",
"description":""
},
"tenantKeyValue":{
"type":"string",
"description":""
},
"nameIDFormat":{
"type":"string",
"description":"the NameID format used during Federation SSO",
"enum":[
"emailaddress",
"unspecified"
]
},
"ssoProfile":{
"type":"string",
"description":"the SAML 2.0 SSO profile to use (artifact or httppost)",
"enum":[
"artifact",
"httppost"
]
},
"attributeLDAP":{
"type":"string",
"description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
},
"attributeSAML":{
"type":"string",
"description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
},
"faWelcomePage":{
"type":"string",
"description":"the default relay state to set, which will be used by the SP (optional)"
},
"generateNewKeys":{
"type":"string",
"description":"indicates whether or not new keys and corresponding self signed certificates should be generated by IdP for SAML operations. This will be sent to the remote SP partner REST service (optional). Also indicates if new cryptographic materials should be re-generated (true or false)",
"enum":[
"true",
"false"
]
},
"validityNewKeys":{
"type":"string",
"description":"indicates the validity in days of the self signed certificates"
},
"preverify":{
"type":"boolean",
"description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service"
},
"providerID":{
"type":"string",
"description":"Provider ID of the SP Partner"
},
"ssoURL":{
"type":"string",
"description":"the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service"
},
"ssoSOAPURL":{
"type":"string",
"description":"the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service"
},
"logoutRequestURL":{
"type":"string",
"description":"the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutRequest"
},
"logoutResponseURL":{
"type":"string",
"description":"the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse"
},
"assertionConsumerURL":{
"type":"string",
"description":"Assertion Consumer URL for the SP Partner"
},
"succinctID":{
"type":"string",
"description":"Succinct ID for the SP Partner"
},
"signingCert":{
"type":"string",
"description":"the Base64 encoded X.509 SP Signing Certificate used by the SP to sign messages"
},
"encryptionCert":{
"type":"string",
"description":"the Base64 encoded X.509 SP Encryption Certificate, used to encrypt SAML messages that the SP then decrypts with the corresponding private key"
},
"lastNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)"
},
"firstNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)"
},
"userNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)"
},
"emailAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)"
},
"staticAttrName":{
"type":"string",
"description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required"
},
"staticAttrValue":{
"type":"string",
"description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required"
},
"customAttrsStr":{
"type":"string",
"description":"indicates a list of optional attributes should be sent (if missing, then the attribute will not be sent)"
},
"ssoMobile":{
"type":"string",
"description":"Mobile SSO for the SP Partner"
},
"ssoChooser":{
"type":"string",
"description":"indicates whether or not SSO should be enabled",
"enum":[
"true",
"false"
]
},
"ssoFederation":{
"type":"string",
"description":"indicates whether or not SSO should be enabled",
"enum":[
"true",
"false"
]
},
"testSP":{
"type":"string",
"description":"true or false to indicate if the Test SP App should be enabled/disabled",
"enum":[
"true",
"false"
]
},
"oamLogoutDoneURL":{
"type":"string",
"description":"OAM Logout URL for the SP Partner"
},
"oamAdminUser":{
"type":"string",
"description":"the WLS admin for the SP server"
},
"oamAdminPassword":{
"type":"string",
"description":"the password for WLS admin for the SP server"
},
"oamAdminHost":{
"type":"string",
"description":"the hostname where WLS Admin server is installed"
},
"oamAdminPort":{
"type":"integer",
"description":"the port where WLS Admin server is installed"
},
"adminFedInstanceType":{
"type":"string",
"description":"indicates the type of Federation partner<p>NOTE: 'facloud': represents an FA SaaS Cloud OIF server, 'onpremise': represents a customer owned Federation server</p>",
"enum":[
"facloud",
"onpremise"
]
}
}
},
"idpRestURL":{
"type":"string",
"description":"the REST URL for the IdP server"
},
"idpAdmin":{
"type":"string",
"description":"the WLS admin for the IdP server"
},
"idpAdminPassword":{
"type":"string",
"description":"the password for WLS admin for the IdP server"
},
"spRestURL":{
"type":"string",
"description":"the REST URL for the SP server"
},
"spAdmin":{
"type":"string",
"description":"the WLS admin for the SP server"
},
"spAdminPassword":{
"type":"string",
"description":"the password for WLS admin for the SP server"
},
"command":{
"type":"string",
"description":"command for the orchestration"
}
},
"xml":{
"name":"OrchestratorInput"
}
}
Nested Schema : idpPartnerInfo
Type: object
IDP Partner Info.
-
adminFedInstanceType:
string
Allowed Values: [
"facloud",
"onpremise"
]
indicates the type of Federation partner
NOTE: 'facloud': represents an FA SaaS Cloud OIF server, 'onpremise': represents a customer owned Federation server
-
assertionConsumerURL:
string
the SP SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion
-
attributeLDAP:
string
indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
-
attributeSAML:
string
indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
-
customAttrsStr:
string
indicates a list of optional attributes should be sent by the IdP (if missing, then the attribute will not be sent)
-
emailAttrName:
string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)
-
encryptionCert:
string
the IdP's Base64 encoded X.509 Encryption Certificate, used to encrypt SAML messages that the IdP then decrypts with the corresponding private key. This will be sent to the remote SP partner REST service
-
faWelcomePage:
string
the default relay state to set, which will be used by the SP (optional)
-
firstNameAttrName:
string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)
-
generateNewKeys:
string
Allowed Values: [
"true",
"false"
]
indicates whether or not new keys and corresponding self signed certificates should be generated by IdP for SAML operations. This will be sent to the remote SP partner REST service (optional). Also indicates if new cryptographic materials should be re-generated (true or false)
-
lastNameAttrName:
string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)
-
logoutRequestURL:
string
the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutRequest. This will be sent to the remote SP partner REST service
-
logoutResponseURL:
string
the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse. This will be sent to the remote SP partner REST service
-
metadataB64:
string
the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, metadataURL will be used
-
metadataURL:
string
URL where the IdP metadata can be downloaded
-
nameIDFormat:
string
Allowed Values: [
"emailaddress",
"unspecified"
]
the NameID format used during Federation SSO
-
oamAdminHost:
string
the hostname where WLS Admin server is installed
-
oamAdminPassword:
string
the password for the WLS Admin username used to issue an OAM admin command
-
oamAdminPort:
integer
the port where WLS Admin server is installed
-
oamAdminUser:
string
the WLS Admin username used to issue an OAM admin command
-
oamLogoutDoneURL:
string
OAM Logout for the IDP Partner
-
partnerName:
string
the partner name to be used
-
partnerType:
string
Allowed Values: [
"emailaddres",
"unspecified"
]
the type of IDP being configured:
- If idptype is onpremise, then the orchestrator will not attempt to connect to REST services on the remote IdP server
- If idptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server
NOTE: If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user ID. This will be sent to the remote SP partner REST service
-
preverify:
boolean
boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service
-
providerID:
string
the IdP's ProviderID. This will be sent to the remote SP partner REST service. succinctID: the SHA-1 hash of the IdP's ProviderID
-
signingCert:
string
the IdP Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions. This will be sent to the remote SP partner REST service
-
ssoChooser:
string
Allowed Values: [
"true",
"false"
]
indicates whether or not SSO should be enabled
-
ssoFederation:
string
Allowed Values: [
"true",
"false"
]
indicates whether or not SSO should be enabled
-
ssoMobile:
string
Mobile SSO for the IDP Partner
-
ssoProfile:
string
Allowed Values: [
"artifact",
"httppost"
]
the SAML 2.0 SSO profile to use
-
ssoSOAPURL:
string
the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service
-
ssoURL:
string
the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service
-
staticAttrName:
string
indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required
-
staticAttrValue:
string
indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required
-
succinctID:
string
the SHA-1 hash of the IdP's ProviderID
-
tenantKeyName:
string
tenant key name for IDP Partner
-
tenantKeyValue:
string
tenant key value for IDP Partner
-
tenantName:
string
the tenant name for this IdP in the SP Multi tenant system (if the SP is MT aware)
-
tenantURL:
string
the tenant URL path for this IdP in the SP Multi tenant system (if the SP is MT aware)
-
userNameAttrName:
string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)
-
validityNewKeys:
string
indicates the validity in days of the self signed certificates
{
"type":"object",
"description":"IDP Partner Info.",
"properties":{
"metadataB64":{
"type":"string",
"description":"the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, metadataURL will be used"
},
"metadataURL":{
"type":"string",
"description":"URL where the IdP metadata can be downloaded"
},
"partnerType":{
"type":"string",
"description":"<p>the type of IDP being configured:</p><ul><li>If idptype is onpremise, then the orchestrator will not attempt to connect to REST services on the remote IdP server</li><li>If idptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server</li></ul><p><b>NOTE: If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user ID. This will be sent to the remote SP partner REST service</b></p>",
"enum":[
"emailaddres",
"unspecified"
]
},
"partnerName":{
"type":"string",
"description":"the partner name to be used"
},
"tenantName":{
"type":"string",
"description":"the tenant name for this IdP in the SP Multi tenant system (if the SP is MT aware)"
},
"tenantURL":{
"type":"string",
"description":"the tenant URL path for this IdP in the SP Multi tenant system (if the SP is MT aware)"
},
"tenantKeyName":{
"type":"string",
"description":"tenant key name for IDP Partner"
},
"tenantKeyValue":{
"type":"string",
"description":"tenant key value for IDP Partner"
},
"nameIDFormat":{
"type":"string",
"description":"the NameID format used during Federation SSO",
"enum":[
"emailaddress",
"unspecified"
]
},
"ssoProfile":{
"type":"string",
"description":"the SAML 2.0 SSO profile to use",
"enum":[
"artifact",
"httppost"
]
},
"attributeLDAP":{
"type":"string",
"description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
},
"attributeSAML":{
"type":"string",
"description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
},
"faWelcomePage":{
"type":"string",
"description":"the default relay state to set, which will be used by the SP (optional)"
},
"generateNewKeys":{
"type":"string",
"description":"indicates whether or not new keys and corresponding self signed certificates should be generated by IdP for SAML operations. This will be sent to the remote SP partner REST service (optional). Also indicates if new cryptographic materials should be re-generated (true or false)",
"enum":[
"true",
"false"
]
},
"validityNewKeys":{
"type":"string",
"description":"indicates the validity in days of the self signed certificates"
},
"preverify":{
"type":"boolean",
"description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service"
},
"providerID":{
"type":"string",
"description":"the IdP's ProviderID. This will be sent to the remote SP partner REST service. succinctID: the SHA-1 hash of the IdP's ProviderID"
},
"ssoURL":{
"type":"string",
"description":"the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service"
},
"ssoSOAPURL":{
"type":"string",
"description":"the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service"
},
"logoutRequestURL":{
"type":"string",
"description":"the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutRequest. This will be sent to the remote SP partner REST service"
},
"logoutResponseURL":{
"type":"string",
"description":"the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse. This will be sent to the remote SP partner REST service"
},
"assertionConsumerURL":{
"type":"string",
"description":"the SP SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion"
},
"succinctID":{
"type":"string",
"description":"the SHA-1 hash of the IdP's ProviderID"
},
"signingCert":{
"type":"string",
"description":"the IdP Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions. This will be sent to the remote SP partner REST service"
},
"encryptionCert":{
"type":"string",
"description":"the IdP's Base64 encoded X.509 Encryption Certificate, used to encrypt SAML messages that the IdP then decrypts with the corresponding private key. This will be sent to the remote SP partner REST service"
},
"lastNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)"
},
"firstNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)"
},
"userNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)"
},
"emailAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)"
},
"staticAttrName":{
"type":"string",
"description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required"
},
"staticAttrValue":{
"type":"string",
"description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required"
},
"customAttrsStr":{
"type":"string",
"description":"indicates a list of optional attributes should be sent by the IdP (if missing, then the attribute will not be sent)"
},
"ssoMobile":{
"type":"string",
"description":"Mobile SSO for the IDP Partner"
},
"ssoChooser":{
"type":"string",
"description":"indicates whether or not SSO should be enabled",
"enum":[
"true",
"false"
]
},
"ssoFederation":{
"type":"string",
"description":"indicates whether or not SSO should be enabled",
"enum":[
"true",
"false"
]
},
"oamLogoutDoneURL":{
"type":"string",
"description":"OAM Logout for the IDP Partner"
},
"oamAdminUser":{
"type":"string",
"description":"the WLS Admin username used to issue an OAM admin command"
},
"oamAdminPassword":{
"type":"string",
"description":"the password for the WLS Admin username used to issue an OAM admin command"
},
"oamAdminHost":{
"type":"string",
"description":"the hostname where WLS Admin server is installed"
},
"oamAdminPort":{
"type":"integer",
"description":"the port where WLS Admin server is installed"
},
"adminFedInstanceType":{
"type":"string",
"description":"indicates the type of Federation partner<p>NOTE: 'facloud': represents an FA SaaS Cloud OIF server, 'onpremise': represents a customer owned Federation server</p>",
"enum":[
"facloud",
"onpremise"
]
}
}
}
Nested Schema : spPartnerInfo
Type: object
SP Partner Info.
-
adminFedInstanceType:
string
Allowed Values: [
"facloud",
"onpremise"
]
indicates the type of Federation partner
NOTE: 'facloud': represents an FA SaaS Cloud OIF server, 'onpremise': represents a customer owned Federation server
-
assertionConsumerURL:
string
Assertion Consumer URL for the SP Partner
-
attributeLDAP:
string
indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
-
attributeSAML:
string
indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
-
customAttrsStr:
string
indicates a list of optional attributes should be sent (if missing, then the attribute will not be sent)
-
emailAttrName:
string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)
-
encryptionCert:
string
the Base64 encoded X.509 SP Encryption Certificate, used to encrypt SAML messages that the SP then decrypts with the corresponding private key
-
faWelcomePage:
string
the default relay state to set, which will be used by the SP (optional)
-
firstNameAttrName:
string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)
-
generateNewKeys:
string
Allowed Values: [
"true",
"false"
]
indicates whether or not new keys and corresponding self signed certificates should be generated by IdP for SAML operations. This will be sent to the remote SP partner REST service (optional). Also indicates if new cryptographic materials should be re-generated (true or false)
-
lastNameAttrName:
string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)
-
logoutRequestURL:
string
the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutRequest
-
logoutResponseURL:
string
the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse
-
metadataB64:
string
the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, spmetadataurl will be used
-
metadataURL:
string
URL where the SP metadata can be downloaded
-
nameIDFormat:
string
Allowed Values: [
"emailaddress",
"unspecified"
]
the NameID format used during Federation SSO
-
oamAdminHost:
string
the hostname where WLS Admin server is installed
-
oamAdminPassword:
string
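the password for the WLS admin on the SP server; the schema carries it as a plain string in the request body, so the request should be sent over TLS only and the body kept out of logs and stored payloads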
-
oamAdminPort:
integer
the port where WLS Admin server is installed
-
oamAdminUser:
string
the WLS admin for the SP server
-
oamLogoutDoneURL:
string
OAM Logout URL for the SP Partner
-
partnerName:
string
the partner name to be used
-
partnerType:
string
the type of SP being configured
- If sptype is sp_manual, taleo_manual, eloqua_manual or rightnow_manual, then the orchestrator will not attempt to connect to REST services on the remote SP server
- If sptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server
-
preverify:
boolean
boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service
-
providerID:
string
Provider ID of the SP Partner
-
signingCert:
string
the Base64 encoded X.509 SP Signing Certificate used by the SP to sign messages
-
ssoChooser:
string
Allowed Values: [
"true",
"false"
]
indicates whether or not SSO should be enabled
-
ssoFederation:
string
Allowed Values: [
"true",
"false"
]
indicates whether or not SSO should be enabled
-
ssoMobile:
string
Mobile SSO for the SP Partner
-
ssoProfile:
string
Allowed Values: [
"artifact",
"httppost"
]
the SAML 2.0 SSO profile to use (artifact or httppost)
-
ssoSOAPURL:
string
the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service
-
ssoURL:
string
the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service
-
staticAttrName:
string
indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required
-
staticAttrValue:
string
indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required
-
succinctID:
string
Succinct ID for the SP Partner
-
tenantKeyName:
string
-
tenantKeyValue:
string
-
tenantName:
string
the tenant name for this IdP in the SP Multi tenant system (if the SP is MT aware)
-
tenantURL:
string
the tenant URL path for this IdP in the SP Multi tenant system (if the SP is MT aware)
-
testSP:
string
Allowed Values: [
"true",
"false"
]
true or false to indicate if the Test SP App should be enabled/disabled
-
userNameAttrName:
string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)
-
validityNewKeys:
string
indicates the validity in days of the self signed certificates
{
"type":"object",
"description":"SP Partner Info.",
"properties":{
"metadataB64":{
"type":"string",
"description":"the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, spmetadataurl will be used"
},
"metadataURL":{
"type":"string",
"description":"URL where the SP metadata can be downloaded"
},
"partnerType":{
"type":"string",
"description":"the type of SP being configured <ul><li>If sptype is sp_manual, taleo_manual , eloqua_manual or rightnow_manual, then the orchestrator will not attempt to connect to REST services on the remote SP server</li><li>If sptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server</li></ul>"
},
"partnerName":{
"type":"string",
"description":"the partner name to be used"
},
"tenantName":{
"type":"string",
"description":"the tenant name for this IdP in the SP Multi tenant system (if the SP is MT aware)"
},
"tenantURL":{
"type":"string",
"description":"the tenant URL path for this IdP in the SP Multi tenant system (if the SP is MT aware)"
},
"tenantKeyName":{
"type":"string",
"description":""
},
"tenantKeyValue":{
"type":"string",
"description":""
},
"nameIDFormat":{
"type":"string",
"description":"the NameID format used during Federation SSO",
"enum":[
"emailaddress",
"unspecified"
]
},
"ssoProfile":{
"type":"string",
"description":"the SAML 2.0 SSO profile to use (artifact or httppost)",
"enum":[
"artifact",
"httppost"
]
},
"attributeLDAP":{
"type":"string",
"description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
},
"attributeSAML":{
"type":"string",
"description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
},
"faWelcomePage":{
"type":"string",
"description":"the default relay state to set, which will be used by the SP (optional)"
},
"generateNewKeys":{
"type":"string",
"description":"indicates whether or not new keys and corresponding self signed certificates should be generated by IdP for SAML operations. This will be sent to the remote SP partner REST service (optional). Also indicates if new cryptographic materials should be re-generated (true or false)",
"enum":[
"true",
"false"
]
},
"validityNewKeys":{
"type":"string",
"description":"indicates the validity in days of the self signed certificates"
},
"preverify":{
"type":"boolean",
"description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service"
},
"providerID":{
"type":"string",
"description":"Provider ID of the SP Partner"
},
"ssoURL":{
"type":"string",
"description":"the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service"
},
"ssoSOAPURL":{
"type":"string",
"description":"the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service"
},
"logoutRequestURL":{
"type":"string",
"description":"the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutRequest"
},
"logoutResponseURL":{
"type":"string",
"description":"the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse"
},
"assertionConsumerURL":{
"type":"string",
"description":"Assertion Consumer URL for the SP Partner"
},
"succinctID":{
"type":"string",
"description":"Succinct ID for the SP Partner"
},
"signingCert":{
"type":"string",
"description":"the Base64 encoded X.509 SP Signing Certificate used by the SP to sign messages"
},
"encryptionCert":{
"type":"string",
"description":"the Base64 encoded X.509 SP Encryption Certificate used by the SP to decrypt encrypted SAML messages"
},
"lastNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)"
},
"firstNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)"
},
"userNameAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)"
},
"emailAttrName":{
"type":"string",
"description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)"
},
"staticAttrName":{
"type":"string",
"description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required"
},
"staticAttrValue":{
"type":"string",
"description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required"
},
"customAttrsStr":{
"type":"string",
"description":"indicates a list of optional attributes that should be sent (if missing, then the attribute will not be sent)"
},
"ssoMobile":{
"type":"string",
"description":"Mobile SSO for the SP Partner"
},
"ssoChooser":{
"type":"string",
"description":"indicates whether or not SSO should be enabled",
"enum":[
"true",
"false"
]
},
"ssoFederation":{
"type":"string",
"description":"indicates whether or not SSO should be enabled",
"enum":[
"true",
"false"
]
},
"testSP":{
"type":"string",
"description":"true or false to indicate if the Test SP App should be enabled/disabled",
"enum":[
"true",
"false"
]
},
"oamLogoutDoneURL":{
"type":"string",
"description":"OAM Logout URL for the SP Partner"
},
"oamAdminUser":{
"type":"string",
"description":"the WLS admin for the SP server"
},
"oamAdminPassword":{
"type":"string",
"description":"the password for WLS admin for the SP server"
},
"oamAdminHost":{
"type":"string",
"description":"the hostname where WLS Admin server is installed"
},
"oamAdminPort":{
"type":"integer",
"description":"the port where WLS Admin server is installed"
},
"adminFedInstanceType":{
"type":"string",
"description":"indicates the type of Federation partner<p>NOTE: 'facloud': represents an FA SaaS Cloud OIF server, 'onpremise': represents a customer owned Federation server</p>",
"enum":[
"facloud",
"onpremise"
]
}
}
}