Type Alias CreateSAMLPayload

Payload for creating a SAML compatible identity provider.

type CreateSAMLPayload = {
    clockToleranceSec?: number;
    createNewUsersOnLogin?: boolean;
    description?: string;
    interactive: boolean;
    options?: {
        allowIdpInitiatedLogin?: boolean;
        certificates?: CertificateInfo[];
        claimsMapping: ClaimsMappingSAML;
        entityId?: string;
        metadata?: { raw: string };
        nameIdFormat?:
            | "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
            | "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
            | "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
        signOnUrl?: string;
    };
    pendingOptions?: {
        allowIdpInitiatedLogin?: boolean;
        certificates?: CertificateInfo[];
        claimsMapping: ClaimsMappingSAML;
        entityId?: string;
        metadata?: { raw: string };
        nameIdFormat?:
            | "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
            | "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
            | "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
        signOnUrl?: string;
    };
    postLogoutRedirectUri?: string;
    protocol: "SAML";
    provider: "okta" | "generic" | "adfs" | "azureAD";
    skipVerify?: boolean;
    tenantIds?: string[];
}
Properties

clockToleranceSec?: number

There can be clock skew between the IdP and Qlik's login server; this sets the tolerance for that skew, in seconds.

createNewUsersOnLogin?: boolean

Tells the consumer of the IdP that new users should be created on login if they don't exist.

description?: string

interactive: boolean

Indicates whether the IdP is meant for interactive login. Must be true for SAML IdPs.

options?: {
    allowIdpInitiatedLogin?: boolean;
    certificates?: CertificateInfo[];
    claimsMapping: ClaimsMappingSAML;
    entityId?: string;
    metadata?: { raw: string };
    nameIdFormat?:
        | "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        | "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        | "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    signOnUrl?: string;
}

Required SAML configuration for IdPs with the skipVerify flag enabled.

Type declaration

  • allowIdpInitiatedLogin?: boolean

    Toggle to allow IdP-initiated login from the SAML IdP.

  • certificates?: CertificateInfo[]

    The certificates used for validating signed responses. Required if metadata is not provided.

  • claimsMapping: ClaimsMappingSAML

    Mappings from each claim name to an array of SAML attribute names; the claim's value is read from those attributes in the assertion returned by the IdP.

  • entityId?: string

    The entity ID for the SAML IdP. Required if metadata is not provided.

  • metadata?: { raw: string }

    Metadata for the SAML IdP. Required if the individual SAML parameters (certificates, entityId, signOnUrl) are not provided.

    • raw: string

      The IdP metadata XML, base64-encoded.

  • nameIdFormat?:
        | "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        | "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        | "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

    The name identifier format that will be requested from the identity provider.

  • signOnUrl?: string

    The sign-on URL for the SAML IdP. Required if metadata is not provided.

pendingOptions?: {
    allowIdpInitiatedLogin?: boolean;
    certificates?: CertificateInfo[];
    claimsMapping: ClaimsMappingSAML;
    entityId?: string;
    metadata?: { raw: string };
    nameIdFormat?:
        | "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        | "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        | "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    signOnUrl?: string;
}

Required SAML configuration for IdPs that still require verification (skipVerify not set).

Type declaration

  • allowIdpInitiatedLogin?: boolean

    Toggle to allow IdP-initiated login from the SAML IdP.

  • certificates?: CertificateInfo[]

    The certificates used for validating signed responses. Required if metadata is not provided.

  • claimsMapping: ClaimsMappingSAML

    Mappings from each claim name to an array of SAML attribute names; the claim's value is read from those attributes in the assertion returned by the IdP.

  • entityId?: string

    The entity ID for the SAML IdP. Required if metadata is not provided.

  • metadata?: { raw: string }

    Metadata for the SAML IdP. Required if the individual SAML parameters (certificates, entityId, signOnUrl) are not provided.

    • raw: string

      The IdP metadata XML, base64-encoded.

  • nameIdFormat?:
        | "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        | "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        | "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

    The name identifier format that will be requested from the identity provider.

  • signOnUrl?: string

    The sign-on URL for the SAML IdP. Required if metadata is not provided.

postLogoutRedirectUri?: string

Redirects the user to this URI on logout.

protocol: "SAML"

The protocol to be used for communicating with the identity provider.

provider: "okta" | "generic" | "adfs" | "azureAD"

The identity provider to be used.

skipVerify?: boolean

If set to true, skips the IdP verification process and assumes the IdP is verified.

tenantIds?: string[]

The tenant identifiers that map to the given IdP.