v1-v3 APIs have been deprecated.
Although these APIs are not shut off yet, all new development with APIs should use the newest version of our API if available, and the version /1 in all other cases. These later versions are based on RESTful principles, secured by OAuth 2.0, and provide JSON messages, search, pagination, sorting, and filtering.
Generate SAML Assertion
Generate a SAML assertion based on OneLogin user authentication values.
For an example of what you can do with this API, see Use the OneLogin SAML Assertion API with AWS STS.
Resource URL
Before calling this API, consider using its version /1 or version /2 equivalent.
https://api.onelogin.com/api/v3/saml/assertion
Parameters
Content-Type (required, string)
Set to application/json.
api_key (required, string)
API key assigned to the OneLogin account that contains the user and app for which you want to generate a SAML token.
username (required, string)
If you have a subdomain defined, you can set this to the If you do not have a subdomain defined, you must set this to the user’s
password (required, string)
Password of the OneLogin user accessing the app for which you want to generate a SAML token.
app_id (required, integer)
App ID of the app for which you want to generate a SAML token. This is the app ID in OneLogin.
Sample Response
- 200 OK
- 400 Bad Request
- 401 Unauthorized
- 404 Not Found
{
"status": {
"type": "success",
"message": "Success",
"error": false,
"code": 200
},
"data":
"XXXxxXxxXxXxx1XxxX1XxxxX1xXxXxxXx1XxXxxxxxXXXxxxxxXX11xxx1XxxXXXXxXXxx..."
}
<error>
<message>API key is invalid or missing</message>
<code>invalid_or_missing_api_key</code>
</error>
//Here are a few different errors that will return a 401 Unauthorized status code:
--------------------------------------------------------
//Indicates that the username and/or password value is incorrect.
{
"status": {
"type": "Unauthorized",
"message": "Authentication Failed",
"error": true,
"code": 401
}
}
--------------------------------------------------------
//Indicates that the user has an account in the app, but their access has been disabled.
{
"status": {
"type": "Unauthorized",
"message": "User is not authorized to access App",
"error": true,
"code": 401
}
}
//Here are a few different errors that will return a 404 Not Found status code:
--------------------------------------------------------
//Indicates that the user exists in OneLogin, but does not have an account in the app.
{
"status": {
"type": "error",
"message": "Login could not be found",
"error": true,
"code": 404
}
}
--------------------------------------------------------
{
"status": {
"type": "error",
"message": "User could not be found",
"error": true,
"code": 404
}
}
--------------------------------------------------------
{
"status": {
"type": "error",
"message": "App could not be found",
"error": true,
"code": 404
}
}
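The samples above mix two body formats: the 400 error is an XML `<error>` document, while the 200, 401 and 404 bodies are JSON with a `status` envelope. The following is an added example, not OneLogin's own code, of a client-side parser that handles both, fails closed, and keeps the assertion out of logs. The names `AssertionResult` and `parse_assertion_response` and the sample bodies are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

@dataclass(repr=False)
class AssertionResult:
    ok: bool
    code: int
    message: str
    assertion: Optional[str] = None  # treat like a credential for the app

    def __repr__(self) -> str:
        # Redact the assertion so it cannot leak through logs or tracebacks.
        shown = "<redacted>" if self.assertion else None
        return f"AssertionResult(ok={self.ok}, code={self.code}, message={self.message!r}, assertion={shown})"

def parse_assertion_response(http_status: int, body: str) -> AssertionResult:
    text = body.lstrip()
    if text.startswith("<"):
        # XML <error> form, as in the 400 Bad Request sample.
        try:
            message = ET.fromstring(text).findtext("message") or "error"
        except ET.ParseError:
            message = "unparseable XML body"
        return AssertionResult(False, http_status, message)
    try:
        doc = json.loads(text)
        status = doc["status"]
        code, failed, message = int(status["code"]), bool(status["error"]), str(status["message"])
        data = doc.get("data")
    except (ValueError, KeyError, TypeError, AttributeError):
        return AssertionResult(False, http_status, "unparseable JSON body")
    # Fail closed: HTTP status and envelope must both report success and
    # "data" must be a non-empty string before the assertion is released.
    ok = http_status == 200 and code == 200 and not failed and isinstance(data, str) and bool(data)
    return AssertionResult(ok, code, message, data if ok else None)

# Constructed sample bodies modelled on the samples above.
SAMPLE_OK = '{"status": {"type": "success", "message": "Success", "error": false, "code": 200}, "data": "CONSTRUCTED-ASSERTION"}'
SAMPLE_400_XML = "<error><message>API key is invalid or missing</message><code>invalid_or_missing_api_key</code></error>"
SAMPLE_401 = '{"status": {"type": "Unauthorized", "message": "Authentication Failed", "error": true, "code": 401}}'

if __name__ == "__main__":
    for http_status, body in [(200, SAMPLE_OK), (400, SAMPLE_400_XML), (401, SAMPLE_401)]:
        print(parse_assertion_response(http_status, body))
```
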
Response Elements
|
Status of the request. |
|
Type of status. Valid values are:
|
|
Response status details. |
|
Valid values are:
|
|
Valid values align with HTTP status codes. For example, |
|
Provides the SAML assertion. |
Sample cURL Request
Be sure to replace placeholder values surrounded by < > with actual values.
curl -X POST -H "Content-Type: application/json" \
-d '{
"api_key": "<api_key>",
"username": "<email>",
"password": "<password>",
"app_id": "<app_id>"
}' \
https://api.onelogin.com/api/v3/saml/assertion