      External IDP metadata parsing


        Article summary

        You can parse the metadata of an external SAML IDP.

        Requests

        • POST /tenant/saml-idp/metadata-parsing

        Request bodies

        <?xml version="1.0" encoding="UTF-8"?>
        <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                             entityID="string">
            <md:IDPSSODescriptor WantAuthnRequestsSigned="boolean"
                                 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                <md:KeyDescriptor use="signing">
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:X509Data>
                            <ds:X509Certificate>
                                string
                            </ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                </md:KeyDescriptor>
                <md:NameIDFormat/>
                <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                        Location="string"/>
                <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                                        Location="string"/>
            </md:IDPSSODescriptor>
        </md:EntityDescriptor>
        Parameters | Requirement status | Type | Description | Restrictions
        EntityDescriptor.xmlns:md | Y | String | XML namespace | urn:oasis:names:tc:SAML:2.0:metadata
        EntityDescriptor.entityID | Y | String | IDP entityId | -
        EntityDescriptor.IDPSSODescriptor.WantAuthnRequestsSigned | N | Boolean | Whether signature is included in AuthnRequest | -
        EntityDescriptor.IDPSSODescriptor.protocolSupportEnumeration | Y | String | Supported protocols | urn:oasis:names:tc:SAML:2.0:protocol
        EntityDescriptor.IDPSSODescriptor.KeyDescriptor.use | Y | String | Purpose of certificate | signing
        EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.xmlns:ds | Y | String | KeyInfo namespace | http://www.w3.org/2000/09/xmldsig#
        EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.X509Data.X509Certificate | Y | String | X509 certificate for IDP signature | -
        EntityDescriptor.IDPSSODescriptor.SingleSignOnService.Binding | Y | String | Protocol binding information for SAML login | (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
        EntityDescriptor.IDPSSODescriptor.SingleSignOnService.Location | Y | String | SAML login URL mapped in the binding protocol | -

        Responses

        Response bodies

        {
            "signRequest": "boolean",
            "idpSigninUrl": "string",
            "idpIssuerUrl": "string",
            "idpCert": "string",
            "signRequestAlgorithm": "string",
            "signResponseAlgorithm": "string",
            "protocolBinding": "string"
        }
        Parameters | Requirement status | Type | Description | Restrictions
        signRequest | Y | Boolean | Whether signature is included in AuthnRequest | -
        idpSigninUrl | Y | String | Idp SigninUrl | -
        idpIssuerUrl | Y | String | Idp IssuerUrl | -
        idpCert | Y | String | Idp Cert | -
        signRequestAlgorithm | N | String | signRequestAlgorithm | Required if signRequest is true (SHA-1, SHA-256)
        signResponseAlgorithm | Y | String | signResponseAlgorithm | (SHA-1, SHA-256)
        protocolBinding | Y | String | protocolBinding | (HTTP-POST, HTTP-REDIRECT)

        Errors

        Errors that may occur while using this action are listed below. For error response format, see ErrorResponse.
        For more information on common errors, see NAVER Cloud Platform API.

        HTTP status code | Error code | Error message
        400 | 9024 | Metadata has an invalid format.
        400 | 9025 | Metadata includes no certificate information for signature.
        400 | 9026 | Metadata includes at least two certificates for signature.
        400 | 9027 | Metadata has no SingleSignOnService Binding.
        400 | 9028 | Metadata has no SingleSignOnService Location.
        400 | 9029 | Metadata has no entityId.
        400 | 9030 | Metadata has no IDPSSODescriptor.
        400 | 9031 | Metadata has no SingleSignOnService.
        400 | 9032 | Metadata has no SingleSignOnService POST binding or Redirect binding.
        400 | 9033 | The idpSigninUrl value is not in the URL format.
        400 | 9034 | Metadata has no KeyInfo.
