Class: StytchB2B::SSO::SAML
- Inherits:
-
Object
- Object
- StytchB2B::SSO::SAML
- Includes:
- Stytch::RequestHelper
- Defined in:
- lib/stytch/b2b_sso.rb
Defined Under Namespace
Classes: CreateConnectionRequestOptions, DeleteVerificationCertificateRequestOptions, UpdateByURLRequestOptions, UpdateConnectionRequestOptions
Instance Method Summary collapse
-
#create_connection(organization_id:, display_name: nil, identity_provider: nil, method_options: nil) ⇒ Object
Create a new SAML Connection.
-
#delete_verification_certificate(organization_id:, connection_id:, certificate_id:, method_options: nil) ⇒ Object
Delete a SAML verification certificate.
-
#initialize(connection) ⇒ SAML
constructor
A new instance of SAML.
-
#update_by_url(organization_id:, connection_id:, metadata_url:, method_options: nil) ⇒ Object
Used to update an existing SAML connection using an IDP metadata URL.
-
#update_connection(organization_id:, connection_id:, idp_entity_id: nil, display_name: nil, attribute_mapping: nil, x509_certificate: nil, idp_sso_url: nil, saml_connection_implicit_role_assignments: nil, saml_group_implicit_role_assignments: nil, alternative_audience_uri: nil, identity_provider: nil, method_options: nil) ⇒ Object
Updates an existing SAML connection.
Methods included from Stytch::RequestHelper
#delete_request, #get_request, #post_request, #put_request, #request_with_query_params
Constructor Details
#initialize(connection) ⇒ SAML
Returns a new instance of SAML.
541 542 543 |
# File 'lib/stytch/b2b_sso.rb', line 541 def initialize(connection) @connection = connection end |
Instance Method Details
#create_connection(organization_id:, display_name: nil, identity_provider: nil, method_options: nil) ⇒ Object
Create a new SAML Connection.
Parameters:
- organization_id
-
Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. The type of this field is
String
. - display_name
-
A human-readable display name for the connection. The type of this field is nilable
String
. - identity_provider
-
Name of the IdP. Enum with possible values: ‘classlink`, `cyberark`, `duo`, `google-workspace`, `jumpcloud`, `keycloak`, `miniorange`, `microsoft-entra`, `okta`, `onelogin`, `pingfederate`, `rippling`, `salesforce`, `shibboleth`, or `generic`.
Specifying a known provider allows Stytch to handle any provider-specific logic.
The type of this field is nilable +CreateConnectionRequestIdentityProvider+ (string enum).
Returns:
An object with the following fields:
- request_id
-
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is
String
. - status_code
-
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is
Integer
. - connection
-
The ‘SAML Connection` object affected by this API call. See the [SAML Connection Object](stytch.com/docs/b2b/api/saml-connection-object) for complete response field details. The type of this field is nilable
SAMLConnection
(object
).
Method Options:
This method supports an optional StytchB2B::SSO::SAML::CreateConnectionRequestOptions
object which will modify the headers sent in the HTTP request.
574 575 576 577 578 579 580 581 582 583 584 585 586 587 |
# File 'lib/stytch/b2b_sso.rb', line 574 def create_connection( organization_id:, display_name: nil, identity_provider: nil, method_options: nil ) headers = {} headers = headers.merge(.to_headers) unless .nil? request = {} request[:display_name] = display_name unless display_name.nil? request[:identity_provider] = identity_provider unless identity_provider.nil? post_request("/v1/b2b/sso/saml/#{organization_id}", request, headers) end |
#delete_verification_certificate(organization_id:, connection_id:, certificate_id:, method_options: nil) ⇒ Object
Delete a SAML verification certificate.
You may need to do this when rotating certificates from your IdP, since Stytch allows a maximum of 5 certificates per connection. There must always be at least one certificate per active connection.
Parameters:
- organization_id
-
The organization ID that the SAML connection belongs to. The type of this field is
String
. - connection_id
-
The ID of the SAML connection. The type of this field is
String
. - certificate_id
-
The ID of the certificate to be deleted. The type of this field is
String
.
Returns:
An object with the following fields:
- request_id
-
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is
String
. - certificate_id
-
The ID of the certificate that was deleted. The type of this field is
String
. - status_code
-
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is
Integer
.
Method Options:
This method supports an optional StytchB2B::SSO::SAML::DeleteVerificationCertificateRequestOptions
object which will modify the headers sent in the HTTP request.
759 760 761 762 763 764 765 766 767 768 |
# File 'lib/stytch/b2b_sso.rb', line 759 def delete_verification_certificate( organization_id:, connection_id:, certificate_id:, method_options: nil ) headers = {} headers = headers.merge(.to_headers) unless .nil? delete_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/verification_certificates/#{certificate_id}", headers) end |
#update_by_url(organization_id:, connection_id:, metadata_url:, method_options: nil) ⇒ Object
Used to update an existing SAML connection using an IDP metadata URL.
A newly created connection will not become active until all the following are provided:
-
‘idp_sso_url`
-
‘idp_entity_id`
-
‘x509_certificate`
-
‘attribute_mapping` (must be supplied using [Update SAML Connection](update-saml-connection))
Parameters:
- organization_id
-
Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. The type of this field is
String
. - connection_id
-
Globally unique UUID that identifies a specific SSO ‘connection_id` for a Member. The type of this field is
String
. - metadata_url
-
A URL that points to the IdP metadata. This will be provided by the IdP. The type of this field is
String
.
Returns:
An object with the following fields:
- request_id
-
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is
String
. - status_code
-
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is
Integer
. - connection
-
The ‘SAML Connection` object affected by this API call. See the [SAML Connection Object](stytch.com/docs/b2b/api/saml-connection-object) for complete response field details. The type of this field is nilable
SAMLConnection
(object
).
Method Options:
This method supports an optional StytchB2B::SSO::SAML::UpdateByURLRequestOptions
object which will modify the headers sent in the HTTP request.
715 716 717 718 719 720 721 722 723 724 725 726 727 728 |
# File 'lib/stytch/b2b_sso.rb', line 715 def update_by_url( organization_id:, connection_id:, metadata_url:, method_options: nil ) headers = {} headers = headers.merge(.to_headers) unless .nil? request = { metadata_url: } put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}/url", request, headers) end |
#update_connection(organization_id:, connection_id:, idp_entity_id: nil, display_name: nil, attribute_mapping: nil, x509_certificate: nil, idp_sso_url: nil, saml_connection_implicit_role_assignments: nil, saml_group_implicit_role_assignments: nil, alternative_audience_uri: nil, identity_provider: nil, method_options: nil) ⇒ Object
Updates an existing SAML connection.
Note that a newly created connection will not become active until all of the following are provided:
-
‘idp_sso_url`
-
‘attribute_mapping`
-
‘idp_entity_id`
-
‘x509_certificate`
Parameters:
- organization_id
-
Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. The type of this field is
String
. - connection_id
-
Globally unique UUID that identifies a specific SSO ‘connection_id` for a Member. The type of this field is
String
. - idp_entity_id
-
A globally unique name for the IdP. This will be provided by the IdP. The type of this field is nilable
String
. - display_name
-
A human-readable display name for the connection. The type of this field is nilable
String
. - attribute_mapping
-
An object that represents the attributes used to identify a Member. This object will map the IdP-defined User attributes to Stytch-specific values. Required attributes: ‘email` and one of `full_name` or `first_name` and `last_name`. The type of this field is nilable
object
. - x509_certificate
-
A certificate that Stytch will use to verify the sign-in assertion sent by the IdP, in [PEM](en.wikipedia.org/wiki/Privacy-Enhanced_Mail) format. See our [X509 guide](stytch.com/docs/b2b/api/saml-certificates) for more info. The type of this field is nilable
String
. - idp_sso_url
-
The URL for which assertions for login requests will be sent. This will be provided by the IdP. The type of this field is nilable
String
. - saml_connection_implicit_role_assignments
-
All Members who log in with this SAML connection will implicitly receive the specified Roles. See the [RBAC guide](stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment. The type of this field is nilable list of
SAMLConnectionImplicitRoleAssignment
. - saml_group_implicit_role_assignments
-
Defines the names of the SAML groups
that grant specific role assignments. For each group-Role pair, if a Member logs in with this SAML connection and
belongs to the specified SAML group, they will be granted the associated Role. See the
[RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment. Before adding any group implicit role assignments, you must add a "groups" key to your SAML connection's
`attribute_mapping`. Make sure that your IdP is configured to correctly send the group information.
The type of this field is nilable list of +SAMLGroupImplicitRoleAssignment+.
- alternative_audience_uri
-
An alternative URL to use for the Audience Restriction. This value can be used when you wish to migrate an existing SAML integration to Stytch with zero downtime. Read our [SSO migration guide](stytch.com/docs/b2b/guides/migrations/additional-migration-considerations) for more info. The type of this field is nilable
String
. - identity_provider
-
Name of the IdP. Enum with possible values: ‘classlink`, `cyberark`, `duo`, `google-workspace`, `jumpcloud`, `keycloak`, `miniorange`, `microsoft-entra`, `okta`, `onelogin`, `pingfederate`, `rippling`, `salesforce`, `shibboleth`, or `generic`.
Specifying a known provider allows Stytch to handle any provider-specific logic.
The type of this field is nilable +UpdateConnectionRequestIdentityProvider+ (string enum).
Returns:
An object with the following fields:
- request_id
-
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is
String
. - status_code
-
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is
Integer
. - connection
-
The ‘SAML Connection` object affected by this API call. See the [SAML Connection Object](stytch.com/docs/b2b/api/saml-connection-object) for complete response field details. The type of this field is nilable
SAMLConnection
(object
).
Method Options:
This method supports an optional StytchB2B::SSO::SAML::UpdateConnectionRequestOptions
object which will modify the headers sent in the HTTP request.
652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 |
# File 'lib/stytch/b2b_sso.rb', line 652 def update_connection( organization_id:, connection_id:, idp_entity_id: nil, display_name: nil, attribute_mapping: nil, x509_certificate: nil, idp_sso_url: nil, saml_connection_implicit_role_assignments: nil, saml_group_implicit_role_assignments: nil, alternative_audience_uri: nil, identity_provider: nil, method_options: nil ) headers = {} headers = headers.merge(.to_headers) unless .nil? request = {} request[:idp_entity_id] = idp_entity_id unless idp_entity_id.nil? request[:display_name] = display_name unless display_name.nil? request[:attribute_mapping] = attribute_mapping unless attribute_mapping.nil? request[:x509_certificate] = x509_certificate unless x509_certificate.nil? request[:idp_sso_url] = idp_sso_url unless idp_sso_url.nil? request[:saml_connection_implicit_role_assignments] = saml_connection_implicit_role_assignments unless saml_connection_implicit_role_assignments.nil? request[:saml_group_implicit_role_assignments] = saml_group_implicit_role_assignments unless saml_group_implicit_role_assignments.nil? request[:alternative_audience_uri] = alternative_audience_uri unless alternative_audience_uri.nil? request[:identity_provider] = identity_provider unless identity_provider.nil? put_request("/v1/b2b/sso/saml/#{organization_id}/connections/#{connection_id}", request, headers) end |