You can also initiate the authentication session for the SAML single sign-on action through a POST request. The following sample shows the POST /{environmentId}/saml20/idp/sso operation to start the sign-on flow:

The request URL includes the SAMLRequest parameter to pass in the encoded SAML authentication request information. Here is a sample SAML <AuthnRequest> in plain text:

<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="identifier_1"
    Version="2.0"
    IssueInstant="2004-12-05T09:21:59">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
</samlp:AuthnRequest>

For SAML assertions, PingOne supports the following Subject NameID formats:

| Format | Description |
| --- | --- |
| urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | The Subject’s NameID format is not specified. |
| urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | The Subject’s NameID format is in the form of an email address. |
| urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | The Subject’s NameID format is an opaque unique identifier for a user that retains the same value over time. |
| urn:oasis:names:tc:SAML:2.0:nameid-format:transient | The Subject’s NameID format is a randomly generated identifier. A different value is used for each SSO for a given user. |
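
The following added example (not part of the PingOne documentation or its SDKs) shows how the plain-text AuthnRequest above becomes a SAMLRequest value under the standard SAML bindings, and how a receiver can decode and sanity-check one before trusting its fields. The function names, the 64 KB size cap, the NameIDPolicy element in the sample, and the policy of rejecting formats outside the table above are assumptions of this example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "urn:oasis:names:tc:SAML:"
# The four Subject NameID formats this page lists as supported.
SUPPORTED_FORMATS = {PREFIX + s for s in (
    "1.1:nameid-format:unspecified", "1.1:nameid-format:emailAddress",
    "2.0:nameid-format:persistent", "2.0:nameid-format:transient")}
MAX_XML = 64 * 1024  # assumed size cap for an inflated request

# Constructed sample: the page's AuthnRequest plus a NameIDPolicy element.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="identifier_1" '
    'Version="2.0" IssueInstant="2004-12-05T09:21:59">'
    '<saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>'
    '<samlp:NameIDPolicy Format="%s2.0:nameid-format:persistent"/>'
    '</samlp:AuthnRequest>' % (NS["samlp"], NS["saml"], PREFIX))

def encode_saml_request(xml, redirect_binding=False):
    """Base64 for HTTP-POST; raw DEFLATE then base64 for HTTP-Redirect."""
    data = xml.encode("utf-8")
    if redirect_binding:
        comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
        data = comp.compress(data) + comp.flush()
    return base64.b64encode(data).decode("ascii")

def decode_saml_request(value, redirect_binding=False):
    """Decode and sanity-check a SAMLRequest, returning its key fields."""
    raw = base64.b64decode(value, validate=True)
    if redirect_binding:
        inflater = zlib.decompressobj(wbits=-15)
        raw = inflater.decompress(raw, MAX_XML)  # bound decompression size
        if inflater.unconsumed_tail:
            raise ValueError("inflated request exceeds size cap")
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(raw)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    policy = root.find("samlp:NameIDPolicy", NS)
    fmt = policy.get("Format") if policy is not None else None
    if fmt is not None and fmt not in SUPPORTED_FORMATS:
        raise ValueError("unsupported NameID format: " + fmt)
    return {"id": root.get("ID"), "issue_instant": root.get("IssueInstant"),
            "issuer": root.findtext("saml:Issuer", namespaces=NS),
            "nameid_format": fmt}
```

The decoded fields are unauthenticated until the request signature, if any, has been verified; this example covers decoding and structural checks only.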