The `GET /{{envID}}/saml20/idp/sso` operation initiates the SAML single sign-on action through a GET request. In the request URL, the `SAMLRequest` parameter contains the encoded SAML authentication request information.

Here is a sample SAML `<AuthnRequest>` in plain text:
```xml
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="identifier_1"
    Version="2.0"
    IssueInstant="2004-12-05T09:21:59">
  <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
</samlp:AuthnRequest>
```

For SAML assertions, PingOne supports the following Subject NameID formats:

Format | Description |
---|---|
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | The Subject’s NameID format is not specified. |
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | The Subject’s NameID format is in the form of an email address. |
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | The Subject’s NameID format is an opaque unique identifier for a user that retains the same value over time. |
urn:oasis:names:tc:SAML:2.0:nameid-format:transient | The Subject’s NameID format is a randomly generated identifier. A different value is used for each SSO for a given user. |

Parameter | Description |
---|---|
RelayState | Passes the defaultTarget information to the IdP. |
SAMLRequest | The encoded SAML authentication request information. |
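
The following is an added example, not code from the PingOne documentation. It builds the GET URL from the sample `<AuthnRequest>` and decodes a logged URL back into its reviewable fields, assuming the standard SAML 2.0 HTTP-Redirect binding encoding (raw DEFLATE, then base64, then URL-encoding). The host, `ENV_ID`, the `/home` RelayState value, the 64 KiB size cap and the function names are assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_XML_BYTES = 64 * 1024  # assumed cap on inflated size (decompression-bomb guard)
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The sample AuthnRequest from this page, as a single string.
SAMPLE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="identifier_1" '
    'Version="2.0" IssueInstant="2004-12-05T09:21:59">'
    "<saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>"
    "</samlp:AuthnRequest>"
)

def build_sso_url(endpoint, xml, relay_state=None):
    """Raw DEFLATE -> base64 -> URL-encode, then append as query parameters."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    packed = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(packed).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return endpoint + "?" + urlencode(params)

def inspect_sso_url(url):
    """Decode SAMLRequest from a logged URL and return the fields worth reviewing."""
    query = parse_qs(urlsplit(url).query)
    packed = base64.b64decode(query["SAMLRequest"][0], validate=True)
    # Stop inflating one byte past the cap so oversized input is detected cheaply.
    xml = zlib.decompressobj(-15).decompress(packed, MAX_XML_BYTES + 1)
    if len(xml) > MAX_XML_BYTES:
        raise ValueError("inflated SAMLRequest exceeds size cap")
    if b"<!DOCTYPE" in xml:
        raise ValueError("DTD not expected in an AuthnRequest")
    root = ET.fromstring(xml)
    return {
        "id": root.get("ID"),
        "issuer": root.findtext("saml:Issuer", namespaces=SAML_NS),
        "relay_state": query.get("RelayState", [None])[0],
    }

if __name__ == "__main__":
    # Host and environment ID are placeholders, not real PingOne values.
    url = build_sso_url("https://auth.example.com/ENV_ID/saml20/idp/sso", SAMPLE, "/home")
    print(url)
    print(inspect_sso_url(url))
```
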