{"description":"api_v1_saml_settings","type":"object","properties":{"enabled":{"description":"When enabled, the cluster accepts SAML authentication. It is necessary first to create a SAML integration for the cluster with a third-party SSO service (that will act as a SAML Identity Provider) and obtain IdP SSO URL and X.509 certificate. Use https://cluster-fqdn/saml for the Service Provider endpoint when creating the SAML integration. The cluster must be joined to an Active Directory domain, and the SSO service must be connected to the same domain.","type":"boolean"},"idp_sso_url":{"description":"IdP SSO URL. The cluster will send a SAML authentication request to this URL to ask for a Single Sign-On from the Identity Provider. ","type":"string"},"idp_certificate":{"description":"IdP X.509 certificate in PEM format. The cluster will use it to validate the SAML Response received from the Identity Provider before granting the user from the response a bearer token to access the cluster.","type":"string"},"idp_entity_id":{"description":"IdP entity ID. Must be a URI provided by the IdP. The cluster will use it to prepare correctly-formed SAML requests to the IdP and to verify that received SAML responses came from that IdP.","type":"string"},"cluster_dns_name":{"description":"DNS name of the cluster. Must be of the form `cluster.domain.com`. The cluster uses this to correctly redirect authentication flows back to itself when the user attempts to log in to the Identity Provider.","type":"string"},"require_sso":{"description":"If set, requires SSO for Active Directory (AD) users to be able to manage this cluster. The cluster rejects password-based authentication from AD users of the Web UI, qq CLI, and REST API. This setting does not restrict access over file protocols such as SMB.","type":"boolean"}}}
PUT
Set the SAML integration settings.
Parameters
| Name | Description | Required |
| --- | --- | --- |
| If-Match | ETag for expected version | No |
Request
Schema
{"description":"api_v1_saml_settings","type":"object","properties":{"enabled":{"description":"When enabled, the cluster accepts SAML authentication. It is necessary first to create a SAML integration for the cluster with a third-party SSO service (that will act as a SAML Identity Provider) and obtain IdP SSO URL and X.509 certificate. Use https://cluster-fqdn/saml for the Service Provider endpoint when creating the SAML integration. The cluster must be joined to an Active Directory domain, and the SSO service must be connected to the same domain.","type":"boolean"},"idp_sso_url":{"description":"IdP SSO URL. The cluster will send a SAML authentication request to this URL to ask for a Single Sign-On from the Identity Provider. ","type":"string"},"idp_certificate":{"description":"IdP X.509 certificate in PEM format. The cluster will use it to validate the SAML Response received from the Identity Provider before granting the user from the response a bearer token to access the cluster.","type":"string"},"idp_entity_id":{"description":"IdP entity ID. Must be a URI provided by the IdP. The cluster will use it to prepare correctly-formed SAML requests to the IdP and to verify that received SAML responses came from that IdP.","type":"string"},"cluster_dns_name":{"description":"DNS name of the cluster. Must be of the form `cluster.domain.com`. The cluster uses this to correctly redirect authentication flows back to itself when the user attempts to log in to the Identity Provider.","type":"string"},"require_sso":{"description":"If set, requires SSO for Active Directory (AD) users to be able to manage this cluster. The cluster rejects password-based authentication from AD users of the Web UI, qq CLI, and REST API. This setting does not restrict access over file protocols such as SMB.","type":"boolean"}}}
Response
Codes
| Code | Description |
| --- | --- |
| 200 | Return value on success |
Schema
{"description":"api_v1_saml_settings","type":"object","properties":{"enabled":{"description":"When enabled, the cluster accepts SAML authentication. It is necessary first to create a SAML integration for the cluster with a third-party SSO service (that will act as a SAML Identity Provider) and obtain IdP SSO URL and X.509 certificate. Use https://cluster-fqdn/saml for the Service Provider endpoint when creating the SAML integration. The cluster must be joined to an Active Directory domain, and the SSO service must be connected to the same domain.","type":"boolean"},"idp_sso_url":{"description":"IdP SSO URL. The cluster will send a SAML authentication request to this URL to ask for a Single Sign-On from the Identity Provider. ","type":"string"},"idp_certificate":{"description":"IdP X.509 certificate in PEM format. The cluster will use it to validate the SAML Response received from the Identity Provider before granting the user from the response a bearer token to access the cluster.","type":"string"},"idp_entity_id":{"description":"IdP entity ID. Must be a URI provided by the IdP. The cluster will use it to prepare correctly-formed SAML requests to the IdP and to verify that received SAML responses came from that IdP.","type":"string"},"cluster_dns_name":{"description":"DNS name of the cluster. Must be of the form `cluster.domain.com`. The cluster uses this to correctly redirect authentication flows back to itself when the user attempts to log in to the Identity Provider.","type":"string"},"require_sso":{"description":"If set, requires SSO for Active Directory (AD) users to be able to manage this cluster. The cluster rejects password-based authentication from AD users of the Web UI, qq CLI, and REST API. This setting does not restrict access over file protocols such as SMB.","type":"boolean"}}}
PATCH
Modify the SAML integration settings.
Parameters
| Name | Description | Required |
| --- | --- | --- |
| If-Match | ETag for expected version | No |
Request
Schema
{"description":"api_v1_saml_settings_patch","type":"object","properties":{"enabled":{"description":"When enabled, the cluster accepts SAML authentication. It is necessary first to create a SAML integration for the cluster with a third-party SSO service (that will act as a SAML Identity Provider) and obtain IdP SSO URL and X.509 certificate. Use https://cluster-fqdn/saml for the Service Provider endpoint when creating the SAML integration. The cluster must be joined to an Active Directory domain, and the SSO service must be connected to the same domain.","type":"boolean"},"idp_sso_url":{"description":"IdP SSO URL. The cluster will send a SAML authentication request to this URL to ask for a Single Sign-On from the Identity Provider. ","type":"string"},"idp_certificate":{"description":"IdP X.509 certificate in PEM format. The cluster will use it to validate the SAML Response received from the Identity Provider before granting the user from the response a bearer token to access the cluster.","type":"string"},"idp_entity_id":{"description":"IdP entity ID. Must be a URI provided by the IdP. The cluster will use it to prepare correctly-formed SAML requests to the IdP and to verify that received SAML responses came from that IdP.","type":"string"},"cluster_dns_name":{"description":"DNS name of the cluster. Must be of the form `cluster.domain.com`. The cluster uses this to correctly redirect authentication flows back to itself when the user attempts to log in to the Identity Provider.","type":"string"},"require_sso":{"description":"If set, requires SSO for Active Directory (AD) users to be able to manage this cluster. The cluster rejects password-based authentication from AD users of the Web UI, qq CLI, and REST API. This setting does not restrict access over file protocols such as SMB.","type":"boolean"}}}
Response
Codes
| Code | Description |
| --- | --- |
| 200 | Return value on success |
Schema
{"description":"api_v1_saml_settings","type":"object","properties":{"enabled":{"description":"When enabled, the cluster accepts SAML authentication. It is necessary first to create a SAML integration for the cluster with a third-party SSO service (that will act as a SAML Identity Provider) and obtain IdP SSO URL and X.509 certificate. Use https://cluster-fqdn/saml for the Service Provider endpoint when creating the SAML integration. The cluster must be joined to an Active Directory domain, and the SSO service must be connected to the same domain.","type":"boolean"},"idp_sso_url":{"description":"IdP SSO URL. The cluster will send a SAML authentication request to this URL to ask for a Single Sign-On from the Identity Provider. ","type":"string"},"idp_certificate":{"description":"IdP X.509 certificate in PEM format. The cluster will use it to validate the SAML Response received from the Identity Provider before granting the user from the response a bearer token to access the cluster.","type":"string"},"idp_entity_id":{"description":"IdP entity ID. Must be a URI provided by the IdP. The cluster will use it to prepare correctly-formed SAML requests to the IdP and to verify that received SAML responses came from that IdP.","type":"string"},"cluster_dns_name":{"description":"DNS name of the cluster. Must be of the form `cluster.domain.com`. The cluster uses this to correctly redirect authentication flows back to itself when the user attempts to log in to the Identity Provider.","type":"string"},"require_sso":{"description":"If set, requires SSO for Active Directory (AD) users to be able to manage this cluster. The cluster rejects password-based authentication from AD users of the Web UI, qq CLI, and REST API. This setting does not restrict access over file protocols such as SMB.","type":"boolean"}}}
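These fields decide which IdP the cluster trusts and where login flows are redirected, so a body is worth checking against the field descriptions above before it is sent with PUT or PATCH. The following is an added example, not code from the product or its documentation; the function names, the https-only rule for `idp_sso_url`, the `require_sso` consistency check, and the sample values are assumptions of this example.

```python
import base64
import re
import ssl
from urllib.parse import urlsplit

# Property names and types copied from the api_v1_saml_settings schema above.
TYPES = {"enabled": bool, "require_sso": bool, "idp_sso_url": str,
         "idp_certificate": str, "idp_entity_id": str, "cluster_dns_name": str}
# "Must be of the form cluster.domain.com": a bare host name, no scheme, port or path.
DNS_NAME = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)

def pem_is_certificate(pem):
    """True if the PEM framing decodes to DER that starts with a SEQUENCE tag."""
    try:
        return ssl.PEM_cert_to_DER_cert(pem.strip())[:1] == b"\x30"
    except ValueError:  # wrong header/footer or invalid base64
        return False

def lint_saml_settings(body):
    """Return findings for a PUT/PATCH body; an empty list means nothing was flagged."""
    out = [f"{k}: not a schema property" for k in sorted(body.keys() - TYPES.keys())]
    out += [f"{k}: expected {t.__name__}" for k, t in TYPES.items()
            if k in body and not isinstance(body[k], t)]
    if out:  # value checks below rely on the types being right
        return out
    url = urlsplit(body.get("idp_sso_url", ""))
    if "idp_sso_url" in body and (url.scheme != "https" or not url.hostname):
        out.append("idp_sso_url: not an https URL")  # https is this example's policy
    if "idp_entity_id" in body and not urlsplit(body["idp_entity_id"]).scheme:
        out.append("idp_entity_id: not a URI")
    if "idp_certificate" in body and not pem_is_certificate(body["idp_certificate"]):
        out.append("idp_certificate: not a PEM certificate")
    if "cluster_dns_name" in body and not DNS_NAME.fullmatch(body["cluster_dns_name"]):
        out.append("cluster_dns_name: not of the form cluster.domain.com")
    # Assumption drawn from the descriptions: require_sso blocks AD password logins,
    # so setting it while SAML is disabled leaves AD users no management login.
    if body.get("require_sso") and body.get("enabled") is False:
        out.append("require_sso: set while enabled is false")
    return out

# Constructed sample: a 5-byte DER stub in PEM framing, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
              + "\n-----END CERTIFICATE-----\n")
GOOD = {"enabled": True, "require_sso": False, "idp_certificate": SAMPLE_PEM,
        "idp_sso_url": "https://idp.example.com/sso/saml",
        "idp_entity_id": "https://idp.example.com/metadata",
        "cluster_dns_name": "cluster.example.com"}
```

The certificate check covers PEM framing only; it does not confirm that the certificate is the IdP's current signing certificate, which still has to be compared against the IdP's metadata out of band.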