Jump to

• Request
• Response

Create Partner

post

/oam/services/rest/11.1.2.0.0/fed/admin/trustedpartners/idp/{partnerName}

A specific IdP partner resource is created by this method, where partnerName is the name of the partner to be created.

Request

Supported Media Types

• application/json
• application/xml
• text/xml

Path Parameters

• partnerName: string
  IDP Partner name

Body ()

IDP Partner details

Root Schema : idpPartnerData

Type: object

Data-Set of IDP Partner

Show Source

• adminFedInstanceType: string
  adminFedInstanceType for the IDP Partner
• assertionConsumerURL: string
  the URL that will be used by the IdP to redirect the user to the SP for the SSO Artifact profile with the SAML Artifact
• attributeLDAP: string
  indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
• attributeSAML: string
  indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping
• encryptionCert: string
  the Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages
• encryptionKeystoreAccessTemplateId: string
  indicates the Keystore access template id to be used in encryption certificate. The default value is osts_encryption if this parameter has not been set
• faWelcomePage: string
  the default relay state to set in that IdP partner entry
• generateNewKeys: string
  Allowed Values: [ "true", "false" ]

  indicates whether or not new keys and corresponding self signed certificates should be generated for SAML operations, indicates if new cryptographic materials should be re-generated
• logoutRequestURL: string
  the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML
• logoutResponseURL: string
  the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse
• metadataB64: string
  the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, idpmetadataurl will be used. If missing, the assertionConsumerServiceArtifactURL, assertionConsumerServicePOSTURL, logoutRequestURL, logoutResponseURL, signingCert and encryptionCert fields must be set, otherwise those fields will be ignored
• metadataURL: string
  URL where the IdP metadata can be downloaded
• nameIDFormat: string
  Allowed Values: [ "emailaddress", "unspecified" ]

  the NameID format used during Federation SSO, emailaddress or unspecified. If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user's ID
• partnerName: string
  the partner name to be used
• partnerType: string
  Allowed Values: [ "idp" ]

  Partner Type
• preverify: boolean
  will test the data-set of idp partner but will not create the actual partner if set to 'true'
• providerID: string
  the IdP's ProviderID
• signatureDigestAlgorithm: string
  indicates SAML signature hashing algorithm to be used. Possible values are SHA-1 or SHA-256. The default value is SHA-1 if this parameter has not been set
• signingCert: string
  the Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions
• signingKeystoreAccessTemplateId: string
  indicates the Keystore access template id to be used in signing certificate. The default value is osts_signing if this parameter has not been set
• ssoProfile: string
  Allowed Values: [ "artifact", "httppost" ]

  the SAML 2.0 SSO profile to use
• ssoSOAPURL: string
  the SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile
• ssoURL: string
  the SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile
• succinctID: string
  the SHA-1 hash of the ProviderID
• tenantName: string
  the customer's tenant name in the targeted service. For example, the customer ACME Corp might be known in PaaS as acme and in Taleo as acmecorp. (only used if OIF is multi tenant enabled)
• tenantURL: string
  the customers' tenant URL path. (only used if OIF is multi tenant enabled)
• validityNewKeys: string
  indicates the validity in days of the self signed certificates

{
    "description":"Data-Set of IDP Partner",
    "type":"object",
    "properties":{
        "metadataB64":{
            "type":"string",
            "description":"the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, idpmetadataurl will be used. If missing, the assertionConsumerServiceArtifactURL, assertionConsumerServicePOSTURL, logoutRequestURL, logoutResponseURL, signingCert and encryptionCert fields must be set, otherwise those fields will be ignored"
        },
        "metadataURL":{
            "type":"string",
            "description":"URL where the IdP metadata can be downloaded"
        },
        "partnerType":{
            "type":"string",
            "description":"Partner Type",
            "enum":[
                "idp"
            ]
        },
        "tenantName":{
            "type":"string",
            "description":"the customer's tenant name in the targeted service. For example, the customer ACME Corp might be known in PaaS as acme and in Taleo as acmecorp. (only used if OIF is multi tenant enabled)"
        },
        "tenantURL":{
            "type":"string",
            "description":"the customers' tenant URL path. (only used if OIF is multi tenant enabled)"
        },
        "partnerName":{
            "type":"string",
            "description":"the partner name to be used"
        },
        "nameIDFormat":{
            "type":"string",
            "description":"the NameID format used during Federation SSO, emailaddress or unspecified. If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user's ID",
            "enum":[
                "emailaddress",
                "unspecified"
            ]
        },
        "ssoProfile":{
            "type":"string",
            "description":"the SAML 2.0 SSO profile to use",
            "enum":[
                "artifact",
                "httppost"
            ]
        },
        "attributeLDAP":{
            "type":"string",
            "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
        },
        "attributeSAML":{
            "type":"string",
            "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping"
        },
        "faWelcomePage":{
            "type":"string",
            "description":"the default relay state to set in that IdP partner entry"
        },
        "generateNewKeys":{
            "type":"string",
            "description":"indicates whether or not new keys and corresponding self signed certificates should be generated for SAML operations, indicates if new cryptographic materials should be re-generated",
            "enum":[
                "true",
                "false"
            ]
        },
        "validityNewKeys":{
            "type":"string",
            "description":"indicates the validity in days of the self signed certificates"
        },
        "preverify":{
            "type":"boolean",
            "description":"will test the data-set of idp partner but will not create the actual partner if set to 'true'"
        },
        "providerID":{
            "type":"string",
            "description":"the IdP's ProviderID"
        },
        "ssoURL":{
            "type":"string",
            "description":"the SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile"
        },
        "ssoSOAPURL":{
            "type":"string",
            "description":"the SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile"
        },
        "logoutRequestURL":{
            "type":"string",
            "description":"the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML"
        },
        "logoutResponseURL":{
            "type":"string",
            "description":"the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse"
        },
        "assertionConsumerURL":{
            "type":"string",
            "description":"the URL that will be used by the IdP to redirect the user to the SP for the SSO Artifact profile with the SAML Artifact"
        },
        "succinctID":{
            "type":"string",
            "description":"the SHA-1 hash of the ProviderID"
        },
        "signingCert":{
            "type":"string",
            "description":"the Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions"
        },
        "encryptionCert":{
            "type":"string",
            "description":"the Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages"
        },
        "signatureDigestAlgorithm":{
            "type":"string",
            "description":"indicates SAML signature hashing algorithm to be used. Possible values are SHA-1 or SHA-256.  The default value is SHA-1 if this parameter has not been set"
        },
        "signingKeystoreAccessTemplateId":{
            "type":"string",
            "description":"indicates the Keystore access template id to be used in signing certificate. The default value is osts_signing if this parameter has not been set"
        },
        "encryptionKeystoreAccessTemplateId":{
            "type":"string",
            "description":"indicates the Keystore access template id to be used in encryption certificate. The default value is osts_encryption if this parameter has not been set"
        },
        "adminFedInstanceType":{
            "type":"string",
            "description":"adminFedInstanceType for the IDP Partner"
        }
    }
}

Response

Supported Media Types

• application/json

200 Response

OK

Body ()

Status Response

Root Schema : statusResponse

Type: object

Status Response

Show Source

• status: integer(int32)
  Status Code: 1 for success and 0 for failure
• statusMessage: string
  Status Message

{
    "description":"Status Response",
    "properties":{
        "status":{
            "type":"integer",
            "format":"int32",
            "description":"Status Code: 1 for success and 0 for failure"
        },
        "statusMessage":{
            "type":"string",
            "description":"Status Message"
        }
    }
}

400 Response

Bad Request.

500 Response

INTERNAL SERVER ERROR.