ApplicationExperience

SAML: Login URL

The SAML: Login URL Node allows a workflow to create a login URL for a Security Assertion Markup Language 2.0 (SAML) single sign-on (SSO) identity provider.

SAML: Login URL Node

Node Properties

The configuration for the The SAML: Login URL Node requires two SAML 2.0 metadata XMLs.

SAML: Login URL Node Configuration

Configuration

Service Provider Metadata Template

An XML EntityDescriptor describing the service provider - this field supports templating. Here is an example:

<EntityDescriptor
  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  entityID="saml-poc">
  <SPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- insert ds:Signature element (omitted) -->
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService
      isDefault="true"
      index="0"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="http://example.com/saml/assert"/>
  </SPSSODescriptor>
</EntityDescriptor>

Identity Provider Metadata Template

An XML EntityDescriptor describing the identity provider - this field supports templating. Here is an example:

<EntityDescriptor
  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  entityID="https://example.com/saml2/idp/metadata.php">
  <IDPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- insert ds:Signature element (omitted) -->
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="http://example.com/saml2/idp/SingleLogoutService.php"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://example.com/saml2/idp/login.php"/>
  </IDPSSODescriptor>
</EntityDescriptor>

Result Path

It is required you specify where on the payload path you want the created SAML login URL to be placed. If the creation is successful it will store the URL in an object with a redirectUrl property at this path. If the URL creation errors, the result will be an object with an error property.

Node Example

Here’s an example output from running the above workflow …

{
  "working": {
    "saml": {
      "redirectUrl": "https://example.com/saml2/idp/login.php/Nnr5wYbUCAZ86sGrTA7sKJBzKfsjb9LX?..."
    },
    ...
  },
  ...
}

Node Errors

The following is an example of a failed operation:

{
  "working": {
    "saml": {
      "error": {
        "message": "Multiple metadata entitydescriptor"
      },
    }
    ...
  },
  ...
}

Was this page helpful?


Still looking for help? You can also search the Losant Forums or submit your question there.