Get Ncloud Single Sign-On metadata

Prev Next

Available in Classic and VPC

Get Ncloud Single Sign-On's metadata.

Request

This section describes the request format. The method and URI are as follows:

Method URI
GET /api/v1/tenant/saml-idp/sp-metadata

Request headers

For information about the headers common to all Ncloud Single Sign-On APIs, see Ncloud Single Sign-On request headers.

Request example

The request example is as follows:

curl --location --request GET 'https://sso.apigw.ntruss.com/api/v1/tenant/saml-idp/sp-metadata' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
EntityDescriptor.xmlns:md String - XML namespace information
  • urn:oasis:names:tc:SAML:2.0:metadata (valid value)
EntityDescriptor.ID String - Entity descriptor's unique identifier
EntityDescriptor.entityID String - SP entity's unique identifier
EntityDescriptor.SPSSODescriptor.AuthnRequestsSigned Boolean - Whether to sign AuthnRequest
  • true | false
    • true: sign
    • false: not sign
EntityDescriptor.SPSSODescriptor.WantAssertionsSigned Boolean - Whether to sign the assertion
  • true | false
    • true: sign
    • false: not sign
EntityDescriptor.SPSSODescriptor.protocolSupportEnumeration String - Supported protocol
  • urn:oasis:names:tc:SAML:2.0:protocol (valid value)
EntityDescriptor.SPSSODescriptor.KeyDescriptor.use String - Certificate purpose
  • signing (valid value)
EntityDescriptor.SPSSODescriptor.KeyDescriptor.KeyInfo.xmlns:ds String - KeyInfo namespace information
  • http://www.w3.org/2000/09/xmldsig# (valid value)
EntityDescriptor.SPSSODescriptor.KeyDescriptor.KeyInfo.X509Data.X509Certificate String - X.509 certificate for IdP signing
EntityDescriptor.SPSSODescriptor.NameIDFormat String - Supported NameID format
  • urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (valid value)
EntityDescriptor.SPSSODescriptor.AssertionConsumerService.Binding String - Protocol binding information for SAML login
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST: HTTP-POST method
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect: HTTP-Redirect method
EntityDescriptor.SPSSODescriptor.AssertionConsumerService.Location String - SAML login URL mapped to the binding protocol
EntityDescriptor.SPSSODescriptor.AssertionConsumerService.index String - Index of protocol binding service for SAML login

Response status codes

For information about the response status codes common to all Ncloud Single Sign-On APIs, see Ncloud Single Sign-On response status codes.

Response example

The response example is as follows:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_9d507b3************c4394e7654c" entityID="https://sso.ncloud.com/tenants/bc1fb745-****-****-****-9fc9f7c16369">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MII******************vkhgLE=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.ncloud.com/tenants/bc1fb745-****-****-****-9fc9f7c16369/saml/acs" index="0"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sso.ncloud.com/tenants/bc1fb745-****-****-****-9fc9f7c16369/saml/acs" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>