Skip to main content

sources_saml_list

GET 
/api/v3//sources/saml/

SAMLSource Viewset

Request

Query Parameters

    allow_idp_initiated boolean
    authentication_flow uuid
    binding_type string

    Possible values: [POST, POST_AUTO, REDIRECT]

    digest_algorithm string

    Possible values: [http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512]

    enabled boolean
    enrollment_flow uuid
    issuer string
    managed string
    name string
    name_id_policy string

    Possible values: [urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient]

    NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

    ordering string

    Which field to use when ordering the results.

    page integer

    A page number within the paginated result set.

    page_size integer

    Number of results to return per page.

    pbm_uuid uuid
    policy_engine_mode string

    Possible values: [all, any]

    pre_authentication_flow uuid
    search string

    A search term.

    signature_algorithm string

    Possible values: [http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512]

    signing_kp uuid
    slo_url string
    slug string
    sso_url string
    temporary_user_delete_after string
    user_matching_mode string

    Possible values: [email_deny, email_link, identifier, username_deny, username_link]

    How the source determines if an existing user should be authenticated or a new user enrolled.

    verification_kp uuid

Responses

Schema
    pagination objectrequired
    nextnumberrequired
    previousnumberrequired
    countnumberrequired
    currentnumberrequired
    total_pagesnumberrequired
    start_indexnumberrequired
    end_indexnumberrequired
    results object[]required
  • Array [
    • pkuuidrequired
    namestringrequired

    Source's display Name.

    slugstringrequired

    Internal source name, used in URLs.

    Possible values: <= 50 characters, Value must match regular expression ^[-a-zA-Z0-9_]+$

    enabledboolean
    authentication_flowuuidnullable

    Flow to use when authenticating existing users.

    enrollment_flowuuidnullable

    Flow to use when enrolling new users.

    user_property_mappingsuuid[]
    group_property_mappingsuuid[]
    componentstringrequired

    Get object component so that we know how to edit the object

    verbose_namestringrequired

    Return object's verbose_name

    verbose_name_pluralstringrequired

    Return object's plural verbose_name

    meta_model_namestringrequired

    Return internal model name

    policy_engine_modePolicyEngineMode (string)

    Possible values: [all, any]

    user_matching_modeUserMatchingModeEnum (string)

    How the source determines if an existing user should be authenticated or a new user enrolled.

    Possible values: [identifier, email_link, email_deny, username_link, username_deny]

    managedManaged by authentik (string)nullablerequired

    Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.

    user_path_templatestring
    iconstringrequired
    group_matching_modeGroupMatchingModeEnum (string)

    How the source determines if an existing group should be used or a new group created.

    Possible values: [identifier, name_link, name_deny]

    pre_authentication_flowuuidrequired

    Flow used before authentication.

    issuerstring

    Also known as Entity ID. Defaults the Metadata URL.

    sso_urlurirequired

    URL that the initial Login request is sent to.

    slo_urlurinullable

    Optional URL if your IDP supports Single-Logout.

    allow_idp_initiatedboolean

    Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.

    name_id_policyNameIdPolicyEnum (string)

    NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.

    Possible values: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:transient]

    binding_typeBindingTypeEnum (string)

    Possible values: [REDIRECT, POST, POST_AUTO]

    verification_kpuuidnullable

    When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

    signing_kpuuidnullable

    Keypair used to sign outgoing Responses going to the Identity Provider.

    digest_algorithmDigestAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512]

    signature_algorithmSignatureAlgorithmEnum (string)

    Possible values: [http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384, http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512, http://www.w3.org/2000/09/xmldsig#dsa-sha1]

    temporary_user_delete_afterDelete temporary users after (string)

    Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3).

    encryption_kpuuidnullable

    When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.

  • ]

Authorization: http

name: authentiktype: httpscheme: bearer
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "/api/v3/sources/saml/");
request.Headers.Add("Accept", "application/json");
request.Headers.Add("Authorization", "Bearer <token>");
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
Request Collapse all
Base URL
/api/v3
Auth
Parameters
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query
— query