External IDP metadata parsing

Article summary

Did you find this summary helpful?

Thank you for your feedback

You can parse metadata of external SAML IDP.

Requests

POST /tenant/saml-idp/metadata-parsing

Request bodies

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="string">
    <md:IDPSSODescriptor WantAuthnRequestsSigned="boolean"
                         protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
                        string
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:NameIDFormat/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                Location="string"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                                Location="string"/>
    </md:IDPSSODescriptor>
</md:EntityDescriptor>

Parameters	Requirement status	Type	Description	Restrictions
EntityDescriptor.xmlns:md	Y	String	XML namespace	urn:oasis:names:tc:SAML:2.0:metadata
EntityDescriptor.entityID	Y	String	IDP entityId
EntityDescriptor.IDPSSODescriptor.WantAuthnRequestsSigned	N	Boolean	Whether signature is included in AuthnRequest
EntityDescriptor.IDPSSODescriptor.protocolSupportEnumeration	Y	String	Supported protocols	urn:oasis:names:tc:SAML:2.0:protocol
EntityDescriptor.IDPSSODescriptor.KeyDescriptor.use	Y	String	Purpose of certificate	signing
EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.xmlns:ds	Y	String	KeyInfo namespace	http://www.w3.org/2000/09/xmldsig#
EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.X509Data.X509Certificate	Y	String	X509 certificate for IDP signature
EntityDescriptor.IDPSSODescriptor.SingleSignOnService.Binding	Y	String	Protocol binding information for SAML login	(urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
EntityDescriptor.IDPSSODescriptor.SingleSignOnService.Location	Y	String	SAML login URL mapped in the binding protocol

Responses

Response bodies

{
    "signRequest": "boolean",
    "idpSigninUrl": "string",
    "idpIssuerUrl": "string",
    "idpCert": "string",
    "signRequestAlgorithm": "string",
    "signResponseAlgorithm": "string",
    "protocolBinding": "string"
}

Parameters	Requirement status	Type	Description	Restrictions
signRequest	Y	Boolean	Whether signature is included in AuthnRequest
idpSigninUrl	Y	String	Idp SigninUrl
idpIssuerUrl	Y	String	Idp IssuerUrl
idpCert	Y	String	Idp Cert
signRequestAlgorithm	N	String	signRequestAlgorithm	Required if signRequest is true (SHA-1, SHA-256)
signResponseAlgorithm	Y	String	signResponseAlgorithm	(SHA-1, SHA-256)
protocolBinding	Y	String	protocolBinding	(HTTP-POST, HTTP-REDIRECT)

Errors

Errors that may occur while using this action are listed below. For error response format, see ErrorResponse.
For more information on common errors, see NAVER Cloud Platform API.

HTTP status code	Error code	Error message
400	9024	Metadata has an invalid format.
400	9025	Metadata includes no certificate information for signature.
400	9026	Metadata includes at least two certificates for signature.
400	9027	Metadata has no SingleSignOnService Binding.
400	9028	Metadata has no SingleSignOnService Location.
400	9029	Metadata has no entityId.
400	9030	Metadata has no IDPSSODescriptor.
400	9031	Metadata has no SingleSignOnService.
400	9032	Metadata has no SingleSignOnService POST binding or Redirect binding.
400	9033	The idpSigninUrl value is not in the URL format.
400	9034	Metadata has no KeyInfo.

Was this article helpful?

What's Next

Viewing metadata of Ncloud Single Sign-On

Table of contents

Requests
Responses
Errors