SAML: Login URL Node
The SAML: Login URL Node allows a workflow to create a login URL for a Security Assertion Markup Language 2.0 (SAML) single sign-on (SSO) identity provider.
Node Properties
The configuration for the The SAML: Login URL Node requires two SAML 2.0 metadata XMLs.
Configuration
Service Provider Metadata Template
An XML EntityDescriptor
describing the service provider - this field supports templating. Here is an example:
<EntityDescriptor
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="saml-poc">
<SPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- insert ds:Signature element (omitted) -->
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<AssertionConsumerService
isDefault="true"
index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://example.com/saml/assert"/>
</SPSSODescriptor>
</EntityDescriptor>
Identity Provider Metadata Template
An XML EntityDescriptor
describing the identity provider - this field supports templating. Here is an example:
<EntityDescriptor
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="https://example.com/saml2/idp/metadata.php">
<IDPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- insert ds:Signature element (omitted) -->
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://example.com/saml2/idp/SingleLogoutService.php"/>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.com/saml2/idp/login.php"/>
</IDPSSODescriptor>
</EntityDescriptor>
Result Path
It is required you specify where on the payload path you want the created SAML login URL to be placed. If the creation is successful it will store the URL in an object with a redirectUrl
property at this path. If the URL creation errors, the result will be an object with an error
property.
Node Example
Here’s an example output from running the above workflow …
{
"working": {
"saml": {
"redirectUrl": "https://example.com/saml2/idp/login.php/Nnr5wYbUCAZ86sGrTA7sKJBzKfsjb9LX?..."
},
...
},
...
}
Node Errors
The following is an example of a failed operation:
{
"working": {
"saml": {
"error": {
"message": "Multiple metadata entitydescriptor"
},
}
...
},
...
}
Related Nodes
Was this page helpful?
Still looking for help? You can also search the WEGnology Forums or submit your question there.