Skip to main content

Creates a new version of sso configuration for a given authorisation server.

POST 
/organisations/:OrganisationId/authorisationservers/:AuthorisationServerId/sso-configuration/:ssoConfigurationId/versions

'Creates a new version of sso configuration for a given sso configured authorisation server. The new version will need approval before being considered active. A newly created unapproved version is suspended until approval.'

Request

Path Parameters

    OrganisationId OrganisationIdrequired

    Possible values: non-empty and <= 40 characters, Value must match regular expression ^[^<>]*$

    The organisation ID

    AuthorisationServerId uuidrequired

    Possible values: <= 40 characters, Value must match regular expression ^[^<>]*$

    The authorisation server Id

    ssoConfigurationId uuidrequired

    The unique identifier representing a given sso configuration of an authorisation server

Header Parameters

    x-fapi-auth-date string

    Possible values: Value must match regular expression ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$

    The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC

    x-fapi-customer-ip-address string

    The PSU's IP address if the PSU is currently logged in with the TPP.

    x-fapi-interaction-id string

    An RFC4122 UID used as a correlation id.

    x-customer-user-agent string

    Indicates the user-agent that the PSU is using.

Body

Request object to configure a subject authorisation server's sso functionality with a new verison of it's configuration

    ClientID stringrequired

    Possible values: <= 255 characters

    The Client ID to be used by the Raidiam IDP to retrieve identity claims from the external IDP used for SSO

    RestrictedDomains string[]required

    Possible values: <= 10

    List of email domains that will be forced to use this IDP for SSO

    SupportedDomains string[]required

    Possible values: <= 10

    List email domains that will have the option to use this IDP for SSO

    GroupClaim stringrequired

    Possible values: <= 60 characters

    The name of the claim in the ID Token returned by the external IDP containing the list of user group identifiers

    GroupClaimPath string

    Possible values: <= 255 characters, Value must match regular expression ^\$[.\[].*

    Default value: $.

    Valid JSON Path indicating the location in the ID Token of the group claim

    AdditionalScopeValues string

    Possible values: <= 255 characters

    Additional space-separated scope values that will be requested alongside the default of openid, email and profile

    AuthenticationPolicies AuthenticationPolicyEnum (string)[]required

    Possible values: [CLICK_TO_ACCEPT_TERMS, ESIGNATURE_TERMS, RECOVERY_CODES, TWO_FACTOR, VERIFY_EMAIL_AND_MOBILE]

    List of sign-in policies that are applied during authentication

Responses

A single sso configuration version for a given authorisation server's sso configuration

Response Headers

  • x-fapi-interaction-id

    string

Schema

    ClientID stringrequired

    Possible values: <= 255 characters

    The Client ID to be used by the Raidiam IDP to retrieve identity claims from the external IDP used for SSO

    RestrictedDomains string[]required

    Possible values: <= 10

    List of email domains that will be forced to use this IDP for SSO

    SupportedDomains string[]required

    Possible values: <= 10

    List email domains that will have the option to use this IDP for SSO

    GroupClaim stringrequired

    Possible values: <= 60 characters

    The name of the claim in the ID Token returned by the external IDP containing the list of user group identifiers

    GroupClaimPath string

    Possible values: <= 255 characters, Value must match regular expression ^\$[.\[].*

    Default value: $.

    Valid JSON Path indicating the location in the ID Token of the group claim

    AdditionalScopeValues string

    Possible values: <= 255 characters

    Additional space-separated scope values that will be requested alongside the default of openid, email and profile

    AuthenticationPolicies AuthenticationPolicyEnum (string)[]required

    Possible values: [CLICK_TO_ACCEPT_TERMS, ESIGNATURE_TERMS, RECOVERY_CODES, TWO_FACTOR, VERIFY_EMAIL_AND_MOBILE]

    List of sign-in policies that are applied during authentication

    Status ApprovalFlowStatusEnum (string)required

    Possible values: Value must match regular expression ^[^<>]*$, [Active, Assignable, Pending, Rejected, Inactive]

    The status of a resource that has an approval flow

    ID uuid

    Unique identifier of the given OpenID Connect Provider's SSO Configuration

    SsoConfigurationID uuid

    Unique identifier of the given OpenID Connect Provider's SSO Configuration

    Version int16

    Version number of the SSO configuration

    CreatedAt date-time
    UpdatedAt date-time
Loading...