Orchestrator Service
POST
/oam/services/rest/11.1.2.0.0/fed/admin/orchestratorservice
This REST endpoint request creates a trusted IdP partner using form data.
Request
Supported Media Types
- multipart/form-data
Form Parameters
-
assertionConsumerURL: string
the SP SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion
-
attributeLDAP: string
indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
-
attributeSAML: string
indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
-
command: string
command for Orchestration to create trusted SP and IdP partners (the value should be 'setupSPAndIdPTrust'). Allowed Values:
[ "setupSPAndIdPTrust", "configureSSO", "configureTestSP" ]
-
customAttrs: string
indicates a list of optional attributes should be sent (if missing, then the attribute will not be sent)
-
emailAttrName: string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)
-
faWelcomePage: string
the default relay state to set, which will be used by the SP (optional)
-
firstNameAttrName: string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)
-
idpEncryptionCert: string
the IdP Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages. This will be sent to the remote SP partner REST service
-
idpLogoutRequestURL: string
the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML . This will be sent to the remote SP partner REST service
-
idpLogoutResponseURL: string
the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse. This will be sent to the remote SP partner REST service
-
idpPartnerName: string
the partner name to be used
-
idpProviderID: string
the IdP's ProviderID. This will be sent to the remote SP partner REST service. succinctID is the SHA-1 hash of the IdP's ProviderID
-
idpSigningCert: string
the IdP Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions. This will be sent to the remote SP partner REST service
-
idpadminpassword: string
the password for WLS admin for the IdP server
-
idpadminuser: string
the WLS admin for the IdP server
-
idpmetadata: string
the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, metadataURL will be used
-
idpmetadataurl: string
URL where the IdP metadata can be downloaded
-
idpresturl: string
the REST URL for the IdP server
-
idptype: string
the type of IdP being configured:
- If idptype is onpremise, then the orchestrator will not attempt to connect to REST services on the remote IdP server
- If idptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server
NOTE: If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user ID. This will be sent to the remote SP partner REST service
-
lastNameAttrName: string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)
-
nameIDFormat: string
the NameID format used during Federation SSO. Allowed Values:
[ "emailaddress", "unspecified" ]
-
oamadminhost: string
the hostname where WLS Admin server is installed
-
oamadminpassword: string
the password for WLS admin for the SP server
-
oamadminport: string
the port where WLS Admin server is installed
-
oamadminuser: string
the WLS admin for the SP server
-
preverify: string
boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service
-
spEncryptionCert: string
the Base64 encoded X.509 SP Encryption Certificate used by the SP to decrypt encrypted SAML messages
-
spLogoutRequestURL: string
the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML
-
spLogoutResponseURL: string
the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse
-
spPartnerName: string
the partner name to be used
-
spProviderID: string
Provider ID of the SP Partner
-
spSigningCert: string
the Base64 encoded X.509 SP Signing Certificate used by the SP to sign messages
-
spadminpassword: string
the password for WLS admin for the SP server
-
spadminuser: string
the WLS admin for the SP server
-
spmetadata: string
the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, spmetadataurl will be used
-
spmetadataurl: string
URL where the SP metadata can be downloaded
-
spresturl: string
the REST URL for the SP server
-
sptype: string
the type of SP being configured
- If sptype is sp_manual, taleo_manual, eloqua_manual or rightnow_manual, then the orchestrator will not attempt to connect to REST services on the remote SP server
- If sptype is something else, then the orchestrator will attempt to connect to REST services on the remote SP server
-
ssoChooser: string
indicates whether or not SSO should be enabled. Allowed Values:
[ "true", "false" ]
-
ssoFederation: string
indicates whether or not SSO should be enabled. Allowed Values:
[ "true", "false" ]
-
ssoMobile: string
Mobile SSO for the SP Partner
-
ssoProfile: string
the SAML 2.0 SSO profile to use. Allowed Values:
[ "artifact", "httppost" ]
-
ssoSOAPURL: string
the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service
-
ssoURL: string
the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service
-
staticAttrName: string
indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required
-
staticAttrValue: string
indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required
-
succinctID: string
the SHA-1 hash of the IdP's ProviderID
-
userNameAttrName: string
indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)
Response
Supported Media Types
- application/json
200 Response
OK
Status Response
Root Schema : statusResponse
Type:
object
Status Response
-
status:
integer(int32)
Status Code: 1 for success and 0 for failure
-
statusMessage:
string
Status Message
400 Response
Bad Request.
500 Response
INTERNAL SERVER ERROR.
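A client-side pre-flight check for this request, as an added example (not Oracle's code): it validates the allowed values and paired parameters listed above, masks the three admin-password fields before the form is logged, and interprets the statusResponse body. The https-only rule, the function names and the sample values are assumptions of this example.

```python
import json

# Allowed values copied from the parameter list on this page.
ALLOWED = {
    "command": {"setupSPAndIdPTrust", "configureSSO", "configureTestSP"},
    "nameIDFormat": {"emailaddress", "unspecified"},
    "ssoChooser": {"true", "false"},
    "ssoFederation": {"true", "false"},
    "ssoProfile": {"artifact", "httppost"},
}
# Parameters the page says must be supplied together.
PAIRS = [("attributeLDAP", "attributeSAML"), ("staticAttrName", "staticAttrValue")]
SECRETS = {"idpadminpassword", "oamadminpassword", "spadminpassword"}

# Constructed sample input: host names and credentials are placeholders.
SAMPLE_FORM = {
    "command": "setupSPAndIdPTrust", "preverify": "true",
    "spPartnerName": "ExampleSP", "ssoProfile": "httppost",
    "nameIDFormat": "emailaddress", "spresturl": "https://sp.example.com/rest",
    "spadminuser": "admin-placeholder", "spadminpassword": "not-a-real-password",
}


def validate_form(form):
    """Return a list of problems in the form fields (empty list means OK)."""
    problems = []
    for name, allowed in ALLOWED.items():
        if name in form and form[name] not in allowed:
            problems.append(f"{name}: {form[name]!r} is not an allowed value")
    for a, b in PAIRS:
        if (a in form) != (b in form):
            problems.append(f"{a} and {b} must be supplied together")
    # Assumption (local policy, not stated on the page): the form carries WLS
    # admin passwords, so every URL-valued field must use https.
    for name, value in form.items():
        if name.lower().endswith("url") and not value.startswith("https://"):
            problems.append(f"{name}: must be an https:// URL")
    return problems


def redact(form):
    """Copy of the form that is safe to log: password fields are masked."""
    return {k: ("***" if k in SECRETS else v) for k, v in form.items()}


def succeeded(body):
    """Interpret the statusResponse JSON: status 1 is success, 0 is failure."""
    return json.loads(body).get("status") == 1
```

Run `validate_form` before handing the fields to an HTTP client as multipart/form-data, and log only the output of `redact`.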