Create Partner
post
/oam/services/rest/11.1.2.0.0/fed/admin/trustedidppartners
The REST endpoint service request is used to create trusted IDP Partner using FORM data.
Request
Supported Media Types
- multipart/form-data
Form Parameters
-
attributeLDAP: string
indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
-
attributeSAML: string
indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
-
encryptionCert: string
the Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages
-
faWelcomePage: string
the default relay state to set in that IdP partner entry
-
generateNewKeys: string
indicates whether or not new keys and corresponding self signed certificates should be generated for SAML operations, indicates if new cryptographic materials should be re-generatedAllowed Values:
[ "true", "false" ] -
idpPartnerName: string
the partner name to be used
-
idpProviderID: string
the IdP's ProviderID
-
logoutRequestURL: string
the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML
-
logoutResponseURL: string
the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse
-
metadata: string
the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, idpmetadataurl will be used. If missing, the assertionConsumerServiceArtifactURL, assertionConsumerServicePOSTURL, logoutRequestURL, logoutResponseURL, signingCert and encryptionCert fields must be set, otherwise those fields will be ignored
-
metadataURL: string
URL where the IdP metadata can be downloaded
-
nameIDFormat: string
the NameID format used during Federation SSO, emailaddress or unspecified. If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user's IDAllowed Values:
[ "emailaddress", "unspecified" ] -
preverify: string
will test the data-set of idp partner but will not create the actual partner if set to 'true'Default Value:
false -
signingCert: string
the Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions
-
spTenantName: string
the customer's tenant name in the targeted service. For example, the customer ACME Corp might be known in PaaS as acme and in Taleo as acmecorp. (only used if OIF is multi tenant enabled)
-
spTenantURL: string
the customers' tenant URL path. (only used if OIF is multi tenant enabled)
-
ssoProfile: string
the SAML 2.0 SSO profile to useAllowed Values:
[ "artifact", "httppost" ] -
ssoSOAPURL: string
the SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile
-
ssoURL: string
the SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile
-
succinctID: string
the SHA-1 hash of the ProviderID. It is a mandatory field in case of artifact response.
-
validityNewKeys: string
indicates the validity in days of the self signed certificates
Response
Supported Media Types
- application/json
200 Response
OK
Status Response
Root Schema : statusResponse
Type:
objectStatus Response
Show Source
-
status:
integer(int32)
Status Code: 1 for success and 0 for failure
-
statusMessage:
string
Status Message
400 Response
Bad Request.
500 Response
INTERNAL SERVER ERROR.