v1-v3 APIs have been deprecated

Don't worry, these APIs are deprecated, but they won't be shut off until 2017, at the earliest. Questions? Contact devsupport@onelogin.com.

All new development with APIs should use the newest version of our API: /1. API /1 is based on RESTful principles, is secured by OAuth 2.0, and provides JSON messages, search, pagination, sorting, and filtering.

Generate SAML Assertion

Generate a SAML assertion based on OneLogin user authentication values.

For an example of what you can do with this API, see Use the OneLogin SAML Assertion API with AWS STS.

Resource URL

https://api.onelogin.com/api/v3/saml/assertion

Parameters

Content-Type

required

string

Set to application/json.

api_key

required

string

API key assigned to the OneLogin account that contains the user and app for which you want to generate a SAML token.

username

required

string

If you have a subdomain defined, you can set this to the username or email of the OneLogin user accessing the app for which you want to generate a SAML token.

If you do not have a subdomain defined, you must set this to the user’s email only.

password

required

string

Password of the OneLogin user accessing the app for which you want to generate a SAML token.

app_id

required

integer

App ID of the app for which you want to generate a SAML token. This is the app ID in OneLogin.

Sample Response

{
"status": {
"type": "success",
"message": "Success",
"error": false,
"code": 200
},
"data":
 "XXXxxXxxXxXxx1XxxX1XxxxX1xXxXxxXx1XxXxxxxxXXXxxxxxXX11xxx1XxxXXXXxXXxx..."
}
--------------------------------------------------------
<error>
   <message>API key is invalid or missing</message>
   <code>invalid_or_missing_api_key</code>
</error>
//Here are a few different errors that will return a 401 Unauthorized status code:
--------------------------------------------------------
//Indicates that the username and/or password value is incorrect.
{
   "status": {
       "type": "Unauthorized",
       "message": "Authentication Failed",
       "error": true,
       "code": 401
       }
}
--------------------------------------------------------
//Indicates that the user has an account in the app, but his access has been disabled.
{
   "status": {
       "type": "Unauthorized",
       "message": "User is not authorized to access App",
       "error": true,
       "code": 401
       }
}
//Here are a few different errors that will return a 404 Not Found status code:
--------------------------------------------------------
//Indicates that the user exists in OneLogin, but does not have an account in the app.
{
   "status": {
       "type": "error",
       "message": "Login could not be found",
       "error": true,
       "code": 404
       }
}
--------------------------------------------------------
{
   "status": {
       "type": "error",
       "message": "User could not be found",
       "error": true,
       "code": 404
       }
}
--------------------------------------------------------
{
   "status": {
       "type": "error",
       "message": "App could not be found",
       "error": true,
       "code": 404
       }
}

Response Elements

status

Status of the request.

type

Type of status.

Valid values are:

  • error
  • success

message

Response status details.

error

Valid values are:

  • true: Indicates that an error occurred.
  • false: Indicates that no errors occurred.

code

Valid values align with HTTP status codes. For example, 200, 400, 401, 404, and so forth.

data

Provides the SAML assertion.

Sample cURL Request

Be sure to replace placeholder values surrounded by < > with actual values.

curl -X POST -H "Content-Type: application/json" \
-d '{
    "api_key": "<api_key>",
    "username": "<email>",
    "password": "<password>",
    "app_id": "<app_id>"
    }' \
https://api.onelogin.com/api/v3/saml/assertion
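
The request above and the handling of every response form shown under Sample Response, as an added Python example (not OneLogin's code). The names SamlApiError, parse_response and request_assertion are hypothetical, and sending app_id as a JSON number is an assumption based on its documented integer type.

```python
import json
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

URL = "https://api.onelogin.com/api/v3/saml/assertion"  # from the page


class SamlApiError(Exception):
    """Error reported by the endpoint; carries no credentials."""
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code, self.message = code, message


def parse_response(body):
    """Return the assertion from a response body, or raise SamlApiError."""
    text = body.strip()
    if text.startswith("<"):
        # XML error form (the page shows it for a bad API key). Refuse DTDs
        # so an unexpected reply cannot trigger entity expansion.
        if "<!DOCTYPE" in text.upper():
            raise SamlApiError("invalid_response", "DTD not allowed")
        root = ET.fromstring(text)
        raise SamlApiError(root.findtext("code", "unknown"),
                           root.findtext("message", "unknown error"))
    doc = json.loads(text)
    status = doc.get("status", {}) if isinstance(doc, dict) else {}
    # Accept only when every success indicator in the envelope agrees.
    if status.get("error") is not False or status.get("code") != 200:
        raise SamlApiError(status.get("code"), status.get("message"))
    assertion = doc.get("data")
    if not isinstance(assertion, str) or not assertion:
        raise SamlApiError(200, "success status without assertion data")
    return assertion


def request_assertion(api_key, username, password, app_id):
    # Assumption: app_id is documented as an integer, so send a JSON number.
    payload = json.dumps({"api_key": api_key, "username": username,
                          "password": password, "app_id": int(app_id)})
    req = urllib.request.Request(URL, data=payload.encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_response(resp.read().decode())
    except urllib.error.HTTPError as err:
        # 401/404 replies still carry the status envelope in the body.
        return parse_response(err.read().decode())
```

Read the password with getpass rather than passing it as a command-line argument, and treat the returned assertion as a credential that should not be written to logs.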

Postman Collection

Replace sample variables indicated by < > in the sample request body with your actual values. Also, be sure to set Postman-specific environment variables indicated by {{ }}.

Download for the Generate SAML Assertion API