The GET /{{envID}}/saml20/idp/sso operation initiates the SAML single sign-on action through a GET request. In the request URL, the SAMLRequest parameter contains the encoded SAML authentication request information.

Here is a sample SAML <AuthnRequest> in plain text:

<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="identifier_1"
    Version="2.0"
    IssueInstant="2004-12-05T09:21:59">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
  </samlp:AuthnRequest>

For SAML assertions, PingOne supports the following Subject NameID formats:

Format Description
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified The Subject’s NameID format is not specified.
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress The Subject’s NameID format is in the form of an email address.
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent The Subject’s NameID format is an opaque unique identifier for a user that retains the same value over time.
urn:oasis:names:tc:SAML:2.0:nameid-format:transient The Subject’s NameID format is a randomly generated identifier. A different value is used for each SSO for a given user.
Parameter Description
RelayState Passes the defaultTarget information to the IdP.
SAMLRequest The encoded SAML authentication request information.