Account Single Sign-on Configuration object
The Account Single Sign-on Configuration object represents the single sign-on options for an account.
The fields in this object correspond to the controls on the SSO Options tab of the Setup page.
Structure
<AccountSSOConfig accountId="" enabled="" idpUrl="" signoutRedirectUrl="" fedIdFromNameId="" certInfo="" nameIdPolicy="" authnContext="">
<certificate/>
</AccountSSOConfig>
| Field | Type | Description |
|---|---|---|
| accountId | string | The account ID. |
| authnContext | string | PPT - (Default) Password Protected Transport; requires a username and password for authentication. UNSPECIFIED - Accepts any type of authentication. |
| authnContextComparison | string | EXACT - The resulting authentication context in the authentication statement must be an exact match to at least one of the specified authentication contexts. MINIMUM - The resulting authentication context in the authentication statement must be at least as strong (as deemed by the responder) as one of the specified authentication contexts. |
| certificate | string | Base64-encoded certificate bytes for the identity provider. |
| certInfo | string | Metadata for the public certificate of the identity provider. |
| enabled | boolean | true — Enables single sign-on for the account. false — Disables single sign-on for the account. |
| fedIdFromNameId | boolean | true — The federation ID is in the NameID element of the Subject element in the SAML Response document. false — The federation ID is in the FEDERATION_ID Attribute element in the SAML Response document. |
| idpUrl | string | The URL of the identity provider's single sign-on service. |
| nameIdPolicy | string | TRANSIENT — Indicates that the content of the element is a non-constant, temporary value that should not be assumed to have any standard meaning; the identifier confirms that a user is granted access without revealing the user's actual name or identity. UNSPECIFIED — Indicates that the identity provider can interpret the NameID attribute; the identifier confirms that a user is granted access and can reveal the user's real name or identity, depending on how it is defined by the identity provider. Important: Entering any value other than TRANSIENT or UNSPECIFIED for nameIdPolicy results in an exception. The service provider does not interpret the NameID value; a user is identified by comparing the NameID value with the Federation ID value. |
| signoutRedirectUrl | string | The URL to which the user is redirected after signing out. |
Supported operations
| GET | QUERY | CREATE | UPDATE | EXECUTE | DELETE |
|---|---|---|---|---|---|
| Supported | Not supported | Not supported | Supported | Not supported | Supported |
Notes:
- The ordinary GET operation returns the Account Single Sign-on Configuration for the supplied account ID. The bulk GET operation returns the Account Single Sign-on Configuration for each supplied account ID, to a maximum of 100.
- The UPDATE operation updates the Account Single Sign-on Configuration for the supplied account ID.
- The DELETE operation deletes the Account Single Sign-on Configuration for the supplied account ID.
SOAP implementation
- GET operation
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:api="http://api.platform.boomi.com/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>ATOMSPHERE_USER_NAME</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ATOMSPHERE_PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<api:get>
<api:objectType>AccountSSOConfig</api:objectType>
<api:objectId>account-123456</api:objectId>
</api:get>
</soapenv:Body>
</soapenv:Envelope>
Response:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<bns:getResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bns="http://api.platform.boomi.com/">
<bns:result xsi:type="bns:AccountSSOConfig" accountId="account-123456" enabled="true" idpUrl="http://www.testsaml.com:8080/openam_954/SSOPOST/metaAlias/idp" signoutRedirectUrl="https://news.google.com" certInfo="test~~Sun~~OpenSSO~~null~~null~~US~~2018-01-12T19:19:39.000Z" fedIdFromNameId="false" nameIdPolicy="TRANSIENT" authnContext="PPT" >
<bns:certificate>LS0...</bns:certificate>
</bns:result>
</bns:getResponse>
</S:Body>
</S:Envelope>
- UPDATE operation
The following example updates the value of the fedIdFromNameId field to true and sets the nameIdPolicy to TRANSIENT.
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:api="http://api.platform.boomi.com/">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>ATOMSPHERE_USER_NAME</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ATOMSPHERE_PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<api:update>
<object xsi:type="api:AccountSSOConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" accountId="account-123456" enabled="true" idpUrl="http://www.testsaml.com:8080/openam_954/SSOPOST/metaAlias/idp" signoutRedirectUrl="https://www.google.com" certInfo="test~~Sun~~OpenSSO~~null~~null~~US~~2018-01-12T19:19:39.000Z" fedIdFromNameId="false" nameIdPolicy="TRANSIENT" authnContext="PPT">
</object>
</api:update>
</soapenv:Body>
</soapenv:Envelope>
Response:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<bns:updateResponse xmlns:bns="http://api.platform.boomi.com/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<result xsi:type="bns:AccountSSOConfig" accountId="account-123456" enabled="true" idpUrl="http://www.testsaml.com:8080/openam_954/SSOPOST/metaAlias/idp" signoutRedirectUrl="https://www.google.com" certInfo="test~~Sun~~OpenSSO~~null~~null~~US~~2018-01-12T19:19:39.000Z" fedIdFromNameId="false" nameIdPolicy="TRANSIENT" authnContext="PPT" />
</bns:updateResponse>
</S:Body>
</S:Envelope>
- DELETE operation
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:api="http://api.platform.boomi.com/">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>ATOMSPHERE_USER_NAME</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ATOMSPHERE_PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<api:delete>
<!--Optional:-->
<objectType>AccountSSOConfig</objectType>
<!--Optional:-->
<objectId>account-123456</objectId>
</api:delete>
</soapenv:Body>
</soapenv:Envelope>
Response:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<bns:deleteResponse xmlns:bns="http://api.platform.boomi.com/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<bns:successful>true</bns:successful>
</bns:deleteResponse>
</S:Body>
</S:Envelope>
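
An added example, not part of the original documentation: a short Python audit that parses a GET or UPDATE response in the format shown above and checks the returned attributes against the field table. The sample response, its hostnames and its certificate value are constructed, and the HTTPS and UNSPECIFIED checks are this example's own review policy, not rules enforced by the API.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample modelled on the GET response format; not real account data.
SAMPLE_RESPONSE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
 <S:Body>
  <bns:getResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:bns="http://api.platform.boomi.com/">
   <bns:result xsi:type="bns:AccountSSOConfig" accountId="account-123456"
     enabled="true" idpUrl="http://idp.example.test/sso"
     signoutRedirectUrl="https://www.example.test/bye"
     fedIdFromNameId="false" nameIdPolicy="TRANSIENT" authnContext="UNSPECIFIED">
    <bns:certificate>Q09OU1RSVUNURUQ=</bns:certificate>
   </bns:result>
  </bns:getResponse>
 </S:Body>
</S:Envelope>"""


def find_sso_configs(soap_xml):
    """Return the attributes of every AccountSSOConfig element in a response.

    Matching on xsi:type covers both the prefixed <bns:result> of a GET
    response and the unprefixed <result> of an UPDATE response.
    """
    root = ET.fromstring(soap_xml)
    return [dict(el.attrib) for el in root.iter()
            if el.get(XSI_TYPE, "").endswith("AccountSSOConfig")]


def audit(cfg):
    """Return a list of review findings for one configuration (example policy)."""
    findings = []
    if cfg.get("enabled") != "true":
        findings.append("SSO is disabled for this account")
    for field in ("idpUrl", "signoutRedirectUrl"):
        url = cfg.get(field, "")
        if url and urlparse(url).scheme != "https":
            findings.append(f"{field} is not HTTPS: {url}")
    if cfg.get("authnContext") == "UNSPECIFIED":
        findings.append("authnContext UNSPECIFIED accepts any type of authentication")
    if cfg.get("nameIdPolicy") not in ("TRANSIENT", "UNSPECIFIED"):
        findings.append("nameIdPolicy must be TRANSIENT or UNSPECIFIED")
    return findings


if __name__ == "__main__":
    for config in find_sso_configs(SAMPLE_RESPONSE):
        print(config["accountId"], audit(config))
```
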