Return One Connected Identity Provider
On this page
The federationSettings resource allows you to return one
identity provider for a federated authentication
configuration.
Required Roles
You must have the Organization Owner role for at least one
connected organization in the federation configuration to call this
endpoint.
Resource
GET /federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/{IDP-ID}
Request Path Parameters
Name | Type | Description |
|---|---|---|
| string | Unique 24-hexadecimal digit string that identifies the federated authentication configuration. |
| string | Unique 20-hexadecimal digit string that identifies the IdP. |
Request Query Parameters
The following query parameters are optional:
Name | Type | Necessity | Description | Default | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body should be in a prettyprint format. |
| ||||||
envelope | boolean | Optional | Flag that indicates whether or not to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
|
|
Request Body Parameters
This endpoint doesn't use HTTP request body parameters.
Response
Name | Type | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| string | Assertion consumer service URL to which the IdP sends the SAML response. | |||||||||
| array | List that contains the configured domains from which users can log in for this IdP. | |||||||||
| array | List that contains the organizations from which users can log in for this IdP. | |||||||||
| string | Identifier for the intended audience of the SAML Assertion. | |||||||||
| string | Human-readable label that identifies the IdP. | |||||||||
| string | Identifier for the issuer of the SAML Assertion. | |||||||||
| string | Unique 20-hexadecimal digit string that identifies the IdP. | |||||||||
| array | List that contains the file information, including: start date, and expiration date for the identity provider's PEM-encoded public key certificate.
| |||||||||
| string | SAML Authentication Request Protocol binding used to send the AuthNRequest. Cloud Manager supports the following binding values:
| |||||||||
| string | Algorithm used to encrypt the IdP signature. Cloud Manager supports the following signature algorithm values:
| |||||||||
| boolean | Flag that indicates whether the IdP has SSO debugging enabled. | |||||||||
| string | URL of the receiver of the SAML AuthNRequest. | |||||||||
| string | Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP. |
Example Request
curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \ --header "Accept: application/json" \ --header "Content-Type: application/json" \ --include \ --request GET "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/{IDP-ID}"
Example Response
{ "acsUrl" : "https://example.mongodb.com/sso/saml2/12345678901234567890", "associatedDomains" : [ ], "associatedOrgs" : [ ], "audienceUri" : "https://www.example.com/saml2/service-provider/abcdefghij1234567890", "displayName" : "Test", "issuerUri" : "urn:123456789000.us.provider.com", "oktaIdpId" : "1234567890abcdefghij", "pemFileInfo" : { "certificates" : [ { "notAfter" : "2035-09-29T15:03:55Z", "notBefore" : "2022-01-20T15:03:55Z" } ], "fileName" : "file.pem" }, "requestBinding" : "HTTP-POST", "responseSignatureAlgorithm" : "SHA-256", "ssoDebugEnabled" : true, "ssoUrl" : "https://123456789000.us.provider.com/samlp/12345678901234567890123456789012", "status" : "INACTIVE" }