aam authentication saml service-provider
Authentication service provider
service-provider Specification
Field | Value
---|---
Type | Collection
Object Key(s) | name
Collection Name | service-provider-list
Collection URI | /axapi/v3/aam/authentication/saml/service-provider
Element Name | service-provider
Element URI | /axapi/v3/aam/authentication/saml/service-provider/{name}
Element Attributes | service-provider_attributes
Statistics Data URI | /axapi/v3/aam/authentication/saml/service-provider/{name}/stats
Schema | service-provider schema

Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Create Object | POST | /axapi/v3/aam/authentication/saml/service-provider |
Create List | POST | /axapi/v3/aam/authentication/saml/service-provider |
Get Object | GET | /axapi/v3/aam/authentication/saml/service-provider/{name} |
Get List | GET | /axapi/v3/aam/authentication/saml/service-provider |
Modify Object | POST | /axapi/v3/aam/authentication/saml/service-provider/{name} |
Replace Object | PUT | /axapi/v3/aam/authentication/saml/service-provider/{name} |
Replace List | PUT | /axapi/v3/aam/authentication/saml/service-provider |
Delete Object | DELETE | /axapi/v3/aam/authentication/saml/service-provider/{name} |
service-provider-list
service-provider-list is a JSON list of service-provider attributes
service-provider-list : [
]
service-provider attributes
SP-initiated-single-logout-service
Type: List
acs-uri-bypass
Description: After the user is authenticated, bypass requests with the assertion-consuming-service location URI
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
adfs-ws-federation
Description: adfs-ws-federation is a JSON Block. Please see below for adfs-ws-federation
Type: Object
artifact-resolution-service
Type: List
assertion-consuming-service
Type: List
bad-request-redirect-url
Description: Specify URL to redirect
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
certificate
Description: SAML service provider certificate file (PFX format is required.)
Type: string
Maximum Length: 63 characters
Minimum Length: 1 character
entity-id
Description: SAML service provider entity ID
Type: string
Format: string-rlx
Maximum Length: 1023 characters
Minimum Length: 1 character
metadata-export-service
Description: metadata-export-service is a JSON Block. Please see below for metadata-export-service
Type: Object
name
Description: Specify SAML authentication service provider name
Type: string
Maximum Length: 63 characters
Minimum Length: 1 character
packet-capture-template
Description: Name of the packet capture template to bind to this object
Type: string
Maximum Length: 128 characters
Minimum Length: 1 character
Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-saml-service-prov-tmpl
require-assertion-signed
Description: require-assertion-signed is a JSON Block. Please see below for require-assertion-signed
Type: Object
saml-request-signed
Description: saml-request-signed is a JSON Block. Please see below for saml-request-signed
Type: Object
sampling-enable
Type: List
service-url
Description: SAML service provider service URL (ex. https://www.a10networks.com/saml.sso)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
signature-algorithm
Description: ‘SHA1’: use SHA1 as signature algorithm (default); ‘SHA256’: use SHA256 as signature algorithm;
Type: string
Supported Values: SHA1, SHA256
Default: SHA1
single-logout-service
Type: List
soap-tls-certificate-validate
Description: soap-tls-certificate-validate is a JSON Block. Please see below for soap-tls-certificate-validate
Type: Object
user-tag
Description: Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
require-assertion-signed
Specification | Value
---|---
Type | object

require-assertion-signed-enable
Description: Enable required signing of SAML assertion
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
single-logout-service
Specification | Value
---|---
Type | list
Block object keys |

SLO-binding
Description: ‘post’: POST binding of single logout service; ‘redirect’: Redirect binding of single logout service; ‘soap’: SOAP binding of single logout service;
Type: string
Supported Values: post, redirect, soap
SLO-location
Description: The location of name-id management service. (ex. /SAML/POST)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
assertion-consuming-service
Specification | Value
---|---
Type | list
Block object keys |

assertion-binding
Description: ‘artifact’: Artifact binding of assertion consuming service; ‘paos’: PAOS binding of assertion consuming service; ‘post’: POST binding of assertion consuming service;
Type: string
Supported Values: artifact, paos, post
assertion-index
Description: The index of assertion consuming service
Type: number
Range: 0-5
assertion-location
Description: The location of assertion consuming service endpoint. (ex. /SAML/POST)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
sampling-enable
Specification | Value
---|---
Type | list
Block object keys |

counters1
Description: ‘all’: all; ‘sp-metadata-export-req’: Metadata Export Request; ‘sp-metadata-export-success’: Metadata Export Success; ‘login-auth-req’: Login Authentication Request; ‘login-auth-resp’: Login Authentication Response; ‘acs-req’: SAML Single-Sign-On Request; ‘acs-success’: SAML Single-Sign-On Success; ‘acs-authz-fail’: SAML Single-Sign-On Authorization Fail; ‘acs-error’: SAML Single-Sign-On Error; ‘slo-req’: Single Logout Request; ‘slo-success’: Single Logout Success; ‘slo-error’: Single Logout Error; ‘sp-slo-req’: SP-initiated Single Logout Request; ‘glo-slo-success’: Total Global Logout Success; ‘loc-slo-success’: Total Local Logout Success; ‘par-slo-success’: Total Partial Logout Success; ‘other-error’: Other Error;
Type: string
Supported Values: all, sp-metadata-export-req, sp-metadata-export-success, login-auth-req, login-auth-resp, acs-req, acs-success, acs-authz-fail, acs-error, slo-req, slo-success, slo-error, sp-slo-req, glo-slo-success, loc-slo-success, par-slo-success, other-error
saml-request-signed
Specification | Value
---|---
Type | object

saml-request-signed-disable
Description: Disable signing signature for SAML (Authn/Artifact Resolve) requests
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
SP-initiated-single-logout-service
Specification | Value
---|---
Type | list
Block object keys |

SP-SLO-location
Description: The location of SP-initiated single logout service endpoint. (ex. /Logout)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
asynchronous
Description: The IDP will not send a logout response to AX
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
adfs-ws-federation
Specification | Value
---|---
Type | object

ws-federation-enable
Description: Enable ADFS WS-Federation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
soap-tls-certificate-validate
Specification | Value
---|---
Type | object

soap-tls-certificate-validate-disable
Description: Disable verification of the server certificate in the TLS session when resolving an artifact
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
artifact-resolution-service
Specification | Value
---|---
Type | list
Block object keys |

artifact-binding
Description: ‘soap’: SOAP binding of artifact resolution service;
Type: string
Supported Values: soap
artifact-index
Description: The index of artifact resolution service
Type: number
Range: 0-5
artifact-location
Description: The location of artifact resolution service. (ex. /SAML/POST)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
metadata-export-service
Specification | Value
---|---
Type | object

md-export-location
Description: Specify the URI to export SP metadata (Export URI. Default is /A10SP_Metadata)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
sign-xml
Description: Sign exported SP metadata XML with SP’s certificate
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
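Several of the signing attributes documented above default to permissive values (signature-algorithm SHA1, require-assertion-signed-enable 0, sign-xml 0). The following added example, which is not part of the A10 documentation, audits one service-provider element for those settings and builds a corrected body for Modify Object; the outer `service-provider` wrapper key, the finding names and all sample values are assumptions.

```python
import json

# Constructed sample in the shape this page describes (attribute names are
# from the page, values are made up; the outer wrapper key is an assumption).
SAMPLE = json.loads("""
{"service-provider": {
  "name": "sp-example",
  "service-url": "https://sp.example.test/saml.sso",
  "saml-request-signed": {"saml-request-signed-disable": 1},
  "soap-tls-certificate-validate": {"soap-tls-certificate-validate-disable": true},
  "metadata-export-service": {"md-export-location": "/A10SP_Metadata"}
}}""")

def is_on(value):
    # The page lists true, false, 1 and 0 as supported boolean values.
    return str(value).lower() in ("1", "true")

def audit(doc):
    """Return sorted finding ids (hypothetical names) for one element."""
    sp = doc.get("service-provider", doc)
    def flag(block, key):  # unset flags fall back to the documented default, 0
        return is_on(sp.get(block, {}).get(key, 0))
    found = []
    if sp.get("signature-algorithm", "SHA1") != "SHA256":  # default is SHA1
        found.append("sha1-signature")
    if not flag("require-assertion-signed", "require-assertion-signed-enable"):
        found.append("assertion-signature-not-required")
    if flag("saml-request-signed", "saml-request-signed-disable"):
        found.append("requests-unsigned")
    if flag("soap-tls-certificate-validate", "soap-tls-certificate-validate-disable"):
        found.append("artifact-tls-unverified")
    if not flag("metadata-export-service", "sign-xml"):
        found.append("metadata-unsigned")
    return sorted(found)

def harden(doc):
    """Return a copy with the signing and validation attributes set strictly."""
    sp = dict(doc.get("service-provider", doc))
    sp["signature-algorithm"] = "SHA256"
    sp["require-assertion-signed"] = {"require-assertion-signed-enable": 1}
    sp["saml-request-signed"] = {"saml-request-signed-disable": 0}
    sp["soap-tls-certificate-validate"] = {"soap-tls-certificate-validate-disable": 0}
    sp["metadata-export-service"] = {**sp.get("metadata-export-service", {}), "sign-xml": 1}
    return {"service-provider": sp}

if __name__ == "__main__":
    print(audit(SAMPLE))           # five findings for the constructed sample
    print(audit(harden(SAMPLE)))   # no findings after hardening
```

Confirm that the identity provider signs assertions and accepts SHA256 before applying the hardened body, since requiring signed assertions will reject logins from an IdP that does not sign them.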
stats data
Counter | Size | Description
---|---|---
login-auth-req | 8 | Login Authentication Request
slo-error | 8 | Single Logout Error
sp-metadata-export-success | 8 | Metadata Export Success
par-slo-success | 8 | Total Partial Logout Success
acs-authz-fail | 8 | SAML Single-Sign-On Authorization Fail
loc-slo-success | 8 | Total Local Logout Success
slo-req | 8 | Single Logout Request
login-auth-resp | 8 | Login Authentication Response
slo-success | 8 | Single Logout Success
acs-success | 8 | SAML Single-Sign-On Success
acs-error | 8 | SAML Single-Sign-On Error
other-error | 8 | Other Error
glo-slo-success | 8 | Total Global Logout Success
acs-req | 8 | SAML Single-Sign-On Request
sp-metadata-export-req | 8 | Metadata Export Request
sp-slo-req | 8 | SP-initiated Single Logout Request