Attribute mapping


SAML Applications attribute mapping API operations

The SAML Applications attribute mapping endpoints support the following operations:

For hands-on experience with the Applications API endpoints, click the Run in Postman button below to download a Postman collection that you can import and open in your local Postman application.

Applications SAML settings data model

Property Description
acsUrls A string that specifies the assertion consumer service URLs.
assertionDuration An integer that specifies the maximum amount of time that an assertion is valid.
name A string that specifies the name of SAML attribute and must be unique within an application. The saml_subject name is a reserved case-insensitive name which indicates the mapping to be used for the subject in an assertion. This is a required property.
required A boolean that indicates if the attribute is mandatory to include the attribute in SAML assertion response. If true, and the attribute does have a value when building the assertion, the SSO flow will fail.
sloEndpoint A string that specifies the SAML single logout endpoint URL. This property is required.
sloResponseEndpoint A string that specifies the single logout response URL. This property is optional.
spEntityId A string that specifies the service provider’s entity ID.
value A string that specifies the string constants or expression for mapping the attribute path against a specific source. The expression format is: ${.<attribute_path>}. The only supported source is user (for example, ${user.id}). This is a required property.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
401 You do not have access to this resource.
403 You do not have permissions or are not licensed to make this request.
404 The requested resource was not found.
409 A resource with the specified name already exists.
500 An unexpected error occurred.

Note: You need the Client Application Developer role to perform operations on application resources.

Endpoint examples

Get SAML attributes

The GET /environments/{environmentId}/applications/{applicationId}/attributes endpoint returns a list of all SAML attributes for the application specified by its ID in the request URL.

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes" \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes"
        }
    },
    "_embedded": {
        "attributes": [
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes/9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30"
                    }
                },
                "name": "username",
                "value": "${user.id}",
                "required": false,
                "id": "9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30",
                "environment": {
                    "id": "912588d4-0d58-4cff-8e3b-cf9b7325b9f7"
                },
                "application": {
                    "id": "a813421c-170b-49de-8627-0c3fbbe8a646"
                }
            }
        ]
    },
    "size": 1
}

If the application does not include any SAML attributes, the response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes"
        }
    },
    "_embedded": {
        "attributes": []
    },
    "size": 0
}

Get one SAML attribute

To get data for a single SAML attribute associated with an application resource, the GET /environments/{environmentId}/applications/{applicationId}/attributes/{attributeId} operation returns data only for the application resource with the specified ID.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes/{attributeId}" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes/9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646"
        }
    },
    "name": "username",
    "value": "${user.username}",
    "required": false,
    "id": "9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30",
    "environment": {
        "id": "912588d4-0d58-4cff-8e3b-cf9b7325b9f7"
    },
    "application": {
        "id": "a813421c-170b-49de-8627-0c3fbbe8a646"
    }
}

Add SAML attributes

The POST /environments/{environmentId}/applications/{applicationId}/attributes operation adds a new SAML attribute to the application resource specified by its ID in the request URL.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
	"name": "username",
	"value": "${user.username}",
	"required": false
}'

In the request body, the name and value attributes are required. All other attribute values are optional for the POST request.

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes/9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646"
        }
    },
    "name": "username",
    "value": "${user.username}",
    "required": false,
    "id": "9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30",
    "environment": {
        "id": "912588d4-0d58-4cff-8e3b-cf9b7325b9f7"
    },
    "application": {
        "id": "a813421c-170b-49de-8627-0c3fbbe8a646"
    }
}

Update SAML attributes

The PUT /environments/{environmentId}/applications/{applicationId}/attributes/{attributeId} operation updates the SAML attribute specified by its ID in the request URL.

curl -X "PUT" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes/{attributeId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
	"name": "username",
	"value": "${user.id}",
	"required": true
}'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646/attributes/9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/912588d4-0d58-4cff-8e3b-cf9b7325b9f7/applications/a813421c-170b-49de-8627-0c3fbbe8a646"
        }
    },
    "name": "username",
    "value": "${user.id}",
    "required": true,
    "id": "9ad3f0ad-2d89-492b-8a82-ad9d51a5ed30",
    "environment": {
        "id": "912588d4-0d58-4cff-8e3b-cf9b7325b9f7"
    },
    "application": {
        "id": "a813421c-170b-49de-8627-0c3fbbe8a646"
    }
}

Delete SAML attributes

To delete a SAML attribute associated with an application resource, you need to specify the the application resource ID and the attribute ID. The DELETE /environments/{environmentId}/applications/{applicationId}/attributes/{attributeId} operation deletes the identified SAML attribute from the specified application.

curl -X "DELETE" "https://api.pingone.com/v1/environments/{environmentId}/applications/{applicationId}/attributes/{attributeId}" \
-H 'Authorization: Bearer jwtToken'

For successful delete operations, a 204 NO CONTENT message is returned by the request.