v1-v3 APIs have been deprecated.

Although these APIs are not shut off yet, all new development should use the newest version of our API where one is available, and version /1 in all other cases. These later versions are based on RESTful principles, secured by OAuth 2.0, and provide JSON messages, search, pagination, sorting, and filtering.

Generate SAML Assertion

Generate a SAML assertion based on OneLogin user authentication values.

For an example of what you can do with this API, see Use the OneLogin SAML Assertion API with AWS STS.

Resource URL

Before calling this API, consider using its version /1 or version /2 equivalent.

https://api.onelogin.com/api/v3/saml/assertion

Parameters

Content-Type

required

string

Set to application/json.

api_key

required

string

API key assigned to the OneLogin account that contains the user and app for which you want to generate a SAML token.

username

required

string

If you have a subdomain defined, you can set this to the username or email of the OneLogin user accessing the app for which you want to generate a SAML token.

If you do not have a subdomain defined, you must set this to the user’s email only.

password

required

string

Password of the OneLogin user accessing the app for which you want to generate a SAML token.

app_id

required

integer

App ID of the app for which you want to generate a SAML token. This is the app ID in OneLogin.

Sample Response

{
"status": {
"type": "success",
"message": "Success",
"error": false,
"code": 200
},
"data": "XXXxxXxxXxXxx1XxxX1XxxxX1xXxXxxXx1XxXxxxxxXXXxxxxxXX11xxx1XxxXXXXxXXxx..."
}
--------------------------------------------------------
<error>
   <message>API key is invalid or missing</message>
   <code>invalid_or_missing_api_key</code>
</error>
//Here are a few different errors that will return a 401 Unauthorized status code:
--------------------------------------------------------
//Indicates that the username and/or password value is incorrect.
{
   "status": {
       "type": "Unauthorized",
       "message": "Authentication Failed",
       "error": true,
       "code": 401
       }
}
--------------------------------------------------------
//Indicates that the user has an account in the app, but their access has been disabled.
{
   "status": {
       "type": "Unauthorized",
       "message": "User is not authorized to access App",
       "error": true,
       "code": 401
       }
}
//Here are a few different errors that will return a 404 Not Found status code:
--------------------------------------------------------
//Indicates that the user exists in OneLogin, but does not have an account in the app.
{
   "status": {
       "type": "error",
       "message": "Login could not be found",
       "error": true,
       "code": 404
       }
}
--------------------------------------------------------
{
   "status": {
       "type": "error",
       "message": "User could not be found",
       "error": true,
       "code": 404
       }
}
--------------------------------------------------------
{
   "status": {
       "type": "error",
       "message": "App could not be found",
       "error": true,
       "code": 404
       }
}

Response Elements

status

Status of the request.

type

Type of status.

Valid values are:

  • error
  • success

message

Response status details.

error

Valid values are:

  • true: Indicates that an error occurred.
  • false: Indicates that no errors occurred.

code

Valid values align with HTTP status codes. For example, 200, 400, 401, 404, and so forth.

data

Provides the SAML assertion.
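
The following Python parser is an added example, not OneLogin's code: it classifies the response shapes listed above (the JSON status envelope and the XML error), fails closed, and keeps the assertion out of log output. The class and function names are assumptions, and the sample bodies are constructed from the shapes shown on this page.

```python
import json
import re
from dataclasses import dataclass, field


@dataclass
class AssertionResult:
    ok: bool
    code: object  # int from the JSON envelope, str from the XML error
    message: str
    # repr=False keeps the assertion out of logs and tracebacks
    assertion: str = field(default="", repr=False)


def _xml_text(tag: str, text: str, default: str) -> str:
    m = re.search(rf"<{tag}>([^<]*)</{tag}>", text)
    return m.group(1).strip() if m else default


def parse_assertion_response(body: str) -> AssertionResult:
    text = body.strip()
    if text.startswith("<"):  # XML error shape, e.g. invalid_or_missing_api_key
        return AssertionResult(False, _xml_text("code", text, "unknown"),
                               _xml_text("message", text, ""))
    try:
        doc = json.loads(text)
        status = doc["status"]
        code, message = status.get("code"), str(status.get("message", ""))
        succeeded = status.get("error") is False and code == 200
        data = doc.get("data")
    except (ValueError, KeyError, TypeError, AttributeError):
        return AssertionResult(False, "malformed", "response is not in a documented shape")
    # Fail closed: only an explicit success with a non-empty string counts.
    if not (succeeded and isinstance(data, str) and data):
        return AssertionResult(False, code, message)
    return AssertionResult(True, code, message, data)


# Constructed samples, modelled on the response shapes shown on this page.
SUCCESS = '{"status": {"type": "success", "message": "Success", "error": false, "code": 200}, "data": "CONSTRUCTED-PLACEHOLDER"}'
DENIED = '{"status": {"type": "Unauthorized", "message": "Authentication Failed", "error": true, "code": 401}}'
BAD_KEY = "<error><message>API key is invalid or missing</message><code>invalid_or_missing_api_key</code></error>"
NO_DATA = '{"status": {"type": "success", "message": "Success", "error": false, "code": 200}}'

if __name__ == "__main__":
    for sample in (SUCCESS, DENIED, BAD_KEY, NO_DATA):
        print(parse_assertion_response(sample))
```
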

Sample cURL Request

Be sure to replace placeholder values surrounded by < > with actual values.

curl -X POST -H "Content-Type: application/json" \
-d '{
    "api_key": "<api_key>",
    "username": "<email>",
    "password": "<password>",
    "app_id": "<app_id>"
    }' \
https://api.onelogin.com/api/v3/saml/assertion
