v1-v3 APIs have been deprecated
Don't worry, these APIs are deprecated, but they aren't shut off yet.
All new development with APIs should use the newest version of our API: /1. API /1 is based on RESTful principles, is secured by OAuth 2.0, and provides JSON messages, search, pagination, sorting, and filtering.
Generate SAML Assertion
Generate a SAML assertion based on OneLogin user authentication values.
For an example of what you can do with this API, see Use the OneLogin SAML Assertion API with AWS STS.
Resource URL
https://api.onelogin.com/api/v3/saml/assertion
Parameters
Content-Type (required, string): Set to application/json.
api_key (required, string): API key assigned to the OneLogin account that contains the user and app for which you want to generate a SAML token.
username (required, string): If you have a subdomain defined, you can set this to the If you do not have a subdomain defined, you must set this to the user’s
password (required, string): Password of the OneLogin user accessing the app for which you want to generate a SAML token.
app_id (required, integer): App ID of the app for which you want to generate a SAML token. This is the app ID in OneLogin.
Sample Response
200 OK
{
  "status": {
    "type": "success",
    "message": "Success",
    "error": false,
    "code": 200
  },
  "data": "XXXxxXxxXxXxx1XxxX1XxxxX1xXxXxxXx1XxXxxxxxXXXxxxxxXX11xxx1XxxXXXXxXXxx..."
}
400 Bad Request
<error>
  <message>API key is invalid or missing</message>
  <code>invalid_or_missing_api_key</code>
</error>
//Here are a few different errors that will return a 401 Unauthorized status code:
--------------------------------------------------------
//Indicates that the username and/or password value is incorrect.
{
  "status": {
    "type": "Unauthorized",
    "message": "Authentication Failed",
    "error": true,
    "code": 401
  }
}
--------------------------------------------------------
//Indicates that the user has an account in the app, but his access has been disabled.
{
  "status": {
    "type": "Unauthorized",
    "message": "User is not authorized to access App",
    "error": true,
    "code": 401
  }
}
//Here are a few different errors that will return a 404 Not Found status code:
--------------------------------------------------------
//Indicates that the user exists in OneLogin, but does not have an account in the app.
{
  "status": {
    "type": "error",
    "message": "Login could not be found",
    "error": true,
    "code": 404
  }
}
--------------------------------------------------------
{
  "status": {
    "type": "error",
    "message": "User could not be found",
    "error": true,
    "code": 404
  }
}
--------------------------------------------------------
{
  "status": {
    "type": "error",
    "message": "App could not be found",
    "error": true,
    "code": 404
  }
}
Response Elements
status: Status of the request.
status.type: Type of status. Valid values are:
status.message: Response status details.
status.error: Valid values are:
status.code: Valid values align with HTTP status codes. For example,
data: Provides the SAML assertion.
Sample cURL Request
Be sure to replace placeholder values surrounded by < > with actual values.
curl -X POST -H "Content-Type: application/json" \
-d '{
"api_key": "<api_key>",
"username": "<email>",
"password": "<password>",
"app_id": "<app_id>"
}' \
https://api.onelogin.com/api/v3/saml/assertion
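The following Python example is added here and is not part of OneLogin's documentation or SDKs. It classifies the sample responses shown above, accepts an assertion only when the HTTP status and the JSON envelope agree, and redacts the two secret request fields before a request body is logged. The function names and reason labels are assumptions of this example.

```python
import json
import xml.etree.ElementTree as ET

# Messages are copied from this page's sample responses; the reason labels are this example's own.
REASONS = {
    (401, "Authentication Failed"): "bad_credentials",
    (401, "User is not authorized to access App"): "app_access_disabled",
    (404, "Login could not be found"): "no_app_login",
    (404, "User could not be found"): "unknown_user",
    (404, "App could not be found"): "unknown_app",
}
SECRET_FIELDS = ("api_key", "password")  # request fields that must never reach logs

def redact(payload):
    """Copy of the request body that is safe to log."""
    return {k: ("<redacted>" if k in SECRET_FIELDS else v) for k, v in payload.items()}

def parse_assertion_response(http_status, body):
    """Return (assertion, None) on success, (None, reason) otherwise."""
    text = body.strip()
    if text.startswith("<"):  # XML error envelope (invalid or missing API key sample)
        try:
            code = ET.fromstring(text).findtext("code")
        except ET.ParseError:
            code = None
        return None, code or "unparseable_error"
    try:
        doc = json.loads(text)
        status = doc["status"]
        code, error = status["code"], status["error"]
        reason = REASONS.get((code, status["message"]), "unexpected_error")
    except (ValueError, KeyError, TypeError):
        return None, "unparseable_response"
    # Accept an assertion only when the HTTP status and the envelope agree on success.
    if http_status == 200 and code == 200 and error is False:
        data = doc.get("data")
        return (data, None) if isinstance(data, str) and data else (None, "missing_assertion")
    return None, reason

if __name__ == "__main__":
    # Constructed inputs modelled on the samples above.
    ok = '{"status": {"type": "success", "message": "Success", "error": false, "code": 200}, "data": "PLACEHOLDER"}'
    denied = '{"status": {"type": "Unauthorized", "message": "Authentication Failed", "error": true, "code": 401}}'
    print(parse_assertion_response(200, ok))
    print(parse_assertion_response(401, denied))
    print(redact({"api_key": "k", "username": "u@example.com", "password": "p", "app_id": 1}))
```

The 401 and 404 samples let a caller tell a wrong password from a nonexistent user, so keep the detailed reason in server-side logs and show end users a single generic failure message.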
Postman Collection
Replace sample variables indicated by < > in the sample request body with your actual values. Also, be sure to set Postman-specific environment variables indicated by {{ }}.
Download for the Generate SAML Assertion API