{ "swagger":"2.0", "info":{ "title":"REST API for Federation Management in Oracle Access Manager", "description":"The Oracle Access Manager Federation Management REST API enables you to create service provder(SP) or identity provider(IDP) partners, configure single sign-on(SSO) service and orchestration. This document contains federation Rest APIs for R2PS3 and 12C.", "version":"2024.04.12", "x-summary":"The Oracle Access Manager Federation Management REST API enables you to create service provder(SP) or identity provider(IDP) partners, configure single sign-on(SSO) service and orchestration." }, "tags":[ { "name":"Fed Global", "description":"The REST endpoint service request is used to configure, update and retrieve the Fed Global parameters." }, { "name":"OIFR1/Orchestrator", "description":"The OIF Federation Wiring REST service will establish Federation trust between the IdP and an SP Partner and enable or disable Federation SSO between those two partners. This service will be invoked by the DevOps automation scripts, or by a Self Service Admin page." }, { "name":"OIFR1/SSO Service", "description":"The REST endpoint POST request is used to configure the SSO service. This API is used for wiring with Fusion Applications and it configures the FAAuthScheme.

For Fusion Applications, IdP is configured at global level to:

OAM/Fed will be able to have specific SP Partner configuration:

" }, { "name":"OIFR1/Trusted Partner/IDP Partner", "description":"The services hosting the SAML 2.0 SP server, such as OIF, PaaS, Taleo, RightNow... will provide an implementation of the REST APIs interface defined in this section that will be invoked by the Federation Wiring Tool to provision an IdP and configure Federation SSO at the various service SPs" }, { "name":"OIFR1/Trusted Partner/SP Partner", "description":"The REST endpoint service request to support create trusted SP partners." }, { "name":"R2PS3 | 12C/Orchestrator", "description":"The OIF Federation Wiring REST service will establish Federation trust between the IdP and an SP Partner and enable or disable Federation SSO between those two partners. This service will be invoked by the DevOps automation scripts, or by a Self Service Admin page." }, { "name":"R2PS3 | 12C/SSO Service", "description":"The operations from the R2PS3 | 12C/SSO Service category." }, { "name":"SSO Service", "description":"The REST endpoint is used to configure, update and retrieve SSO Service parameters." }, { "name":"Test SP SSO", "description":"The operations from the Test SP SSO category." }, { "name":"Trusted Partner V1/API Key/IDP Partner", "description":"Create, Get API key for IDP partner." }, { "name":"Trusted Partner V1/API Key/SP Partner", "description":"Create, Get API key for SP partner." }, { "name":"Trusted Partner V1/Partner Config/IDP Partner", "description":"Federation IDP Partner Rest API" }, { "name":"Trusted Partner V1/Partner Config/SP Partner", "description":"Federation SP Partner Rest API" }, { "name":"Trusted Partner/IDP Partner", "description":"Create, Update and Delete Trusted IDP partner." }, { "name":"Trusted Partner/SP Partner", "description":"Create, Update and Delete Trusted SP partner." } ], "schemes":[ "http", "https" ], "paths":{ "/oam/services/rest/11.1.2.0.0/fed/admin/testsp":{ "post":{ "tags":[ "Test SP SSO" ], "summary":"Configure Test SP SSO", "description":"The REST endpoint service request is used to enable the Test SP SSO using the POST method.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"body", "name":"body", "description":"Test SP SSO parameters ", "required":true, "schema":{ "$ref":"#/definitions/testSPInput" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-testsp-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-testsp-post" }, "get":{ "tags":[ "Test SP SSO" ], "summary":"View Test SP SSO", "description":"The REST endpoint service request is used to retrieve the Test SP SSO using the GET method.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/testSPInput" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-testsp-get", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-testsp-get" }, "put":{ "tags":[ "Test SP SSO" ], "summary":"Disable Test SP SSO", "description":"The REST endpoint service request is used to disable the Test SP SSO Service using GET method.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"body", "name":"body", "description":"Test SP SSO parameters ", "required":true, "schema":{ "$ref":"#/definitions/testSPInput" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-testsp-put", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-testsp-put" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/fedglobal":{ "post":{ "tags":[ "Fed Global" ], "summary":"Configure Fed Global", "description":"The REST endpoint service request is used to configure the Fed Global parameters using the POST method.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"body", "name":"body", "description":"Fed Global parameters ", "required":true, "schema":{ "$ref":"#/definitions/configureFedGlobalInput" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-fedglobal-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-fedglobal-post" }, "get":{ "tags":[ "Fed Global" ], "summary":"View Fed Global", "description":"The REST endpoint service request is used to retrieve the Fed Global parameters using the GET method.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/configureFedGlobalInput" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-fedglobal-get", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-fedglobal-get" }, "put":{ "tags":[ "Fed Global" ], "summary":"Update Fed Global", "description":"The REST endpoint service request to update the Fed Global parameters using PUT method.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"body", "name":"body", "description":"Fed Global parameters", "required":true, "schema":{ "$ref":"#/definitions/configureFedGlobalInput" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-fedglobal-put", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-fedglobal-put" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/sso":{ "post":{ "tags":[ "SSO Service" ], "summary":"Configure SSO Service", "description":"The REST endpoint POST request is used to configure the SSO service. This API is used for wiring with Fusion Applications and it configures the FAAuthScheme.

For Fusion Applications, IdP is configured at global level to:

OAM/Fed will be able to have specific SP Partner configuration:

", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"body", "name":"body", "description":"These parameters can be used for configuring SSO service", "required":true, "schema":{ "$ref":"#/definitions/ConfigureSSOInput" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR." } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-sso-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-sso-post" }, "put":{ "tags":[ "R2PS3 | 12C/SSO Service" ], "summary":"Update SSO Service", "description":"The REST endpoint request is used to configure the SSO service when the customer is the identity provider using the PUT method", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"body", "name":"body", "description":"ssoChooser, ssoFederation and oamLogoutDoneURL can be updated using the PUT operation.", "required":true, "schema":{ "$ref":"#/definitions/ConfigureSSOInput" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR." } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-sso-put", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-sso-put" }, "get":{ "tags":[ "R2PS3 | 12C/SSO Service" ], "summary":"View SSO Service", "description":"The REST endpoint request is used to retrieve the SSO service information when the customer is the identity provider using the GET method", "produces":[ "application/json" ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/ssoOutput" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-sso-get", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-sso-get" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/trustedpartners/idp":{ "get":{ "tags":[ "Trusted Partner/IDP Partner" ], "summary":"List Partners", "description":"List all IdP partners by this method.", "produces":[ "application/json" ], "responses":{ "200":{ "description":"OK", "schema":{ "type":"array", "items":{ "$ref":"#/definitions/partnerInfo" } } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-get", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-get" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/trustedpartners/idp/{partnerName}":{ "post":{ "tags":[ "Trusted Partner/IDP Partner" ], "summary":"Create Partner", "description":"A specific IdP partner resource is created by this method, where partnerName is the name of the partner to be created.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"path", "name":"partnerName", "description":"IDP Partner name", "required":true, "type":"string" }, { "in":"body", "name":"body", "description":"IDP Partner details", "required":true, "schema":{ "$ref":"#/definitions/idpPartnerData" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-{partnerName}-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-partnername-post" }, "get":{ "tags":[ "Trusted Partner/IDP Partner" ], "summary":"View Partner", "description":"Get the specific IdP partner by this method, where partnerName is the name of the partner to be fetched.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"path", "name":"partnerName", "description":"IDP Partner name", "required":true, "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/partnerInfo" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-{partnerName}-get", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-partnername-get" }, "put":{ "tags":[ "Trusted Partner/IDP Partner" ], "summary":"Update Partner", "description":"A specific IdP partner resource is updated by this method, where partnerName is the name of the partner to be updated.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"path", "name":"partnerName", "description":"IDP Partner name", "required":true, "type":"string" }, { "in":"body", "name":"body", "description":"IDP Partner details", "required":true, "schema":{ "$ref":"#/definitions/idpPartnerData" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-{partnerName}-put", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-partnername-put" }, "delete":{ "tags":[ "Trusted Partner/IDP Partner" ], "summary":"Delete Partner", "description":"Delete the specific IdP partner by this method, where partnerName is the name of the partner to be deleted.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"path", "name":"partnerName", "description":"IDP Partner name", "required":true, "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-{partnerName}-delete", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-idp-partnername-delete" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/trustedpartners/sp":{ "get":{ "tags":[ "Trusted Partner/SP Partner" ], "summary":"List Partners", "description":"List all SP partners by this method.", "produces":[ "application/json" ], "responses":{ "200":{ "description":"OK", "schema":{ "type":"array", "items":{ "$ref":"#/definitions/partnerInfo" } } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-get", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-get" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/trustedpartners/sp/{partnerName}":{ "post":{ "tags":[ "Trusted Partner/SP Partner" ], "summary":"Create Partner", "description":"A specific SP partner resource is created by this method, where partnerName is the name of the partner to be created.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"path", "name":"partnerName", "description":"SP Partner name", "required":true, "type":"string" }, { "in":"body", "name":"body", "description":"SP Partner details", "required":true, "schema":{ "$ref":"#/definitions/spPartnerData" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/partnerInfo" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR." } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-{partnerName}-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-partnername-post" }, "get":{ "tags":[ "Trusted Partner/SP Partner" ], "summary":"View Partner", "description":"Get the specific SP partner by this method, where partnerName is the name of the partner to be fetched.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"path", "name":"partnerName", "description":"SP Partner name", "required":true, "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/partnerInfo" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-{partnerName}-get", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-partnername-get" }, "put":{ "tags":[ "Trusted Partner/SP Partner" ], "summary":"Update Partner", "description":"A specific SP partner resource is updated by this method, where partnerName is the name of the partner to be updated.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"path", "name":"partnerName", "description":"SP Partner name", "required":true, "type":"string" }, { "in":"body", "name":"body", "description":"SP Partner details", "required":true, "schema":{ "$ref":"#/definitions/spPartnerData" } } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-{partnerName}-put", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-partnername-put" }, "delete":{ "tags":[ "Trusted Partner/SP Partner" ], "summary":"Delete Partner", "description":"Delete the specific SP partner by this method, where partnerName is the name of the partner to be deleted.", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"path", "name":"partnerName", "description":"SP Partner name", "required":true, "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-{partnerName}-delete", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedpartners-sp-partnername-delete" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/trustedsppartners":{ "post":{ "tags":[ "OIFR1/Trusted Partner/SP Partner" ], "summary":"Create Partner", "description":"The REST endpoint service request is used to create trusted SP Partner using FORM data.", "consumes":[ "multipart/form-data" ], "produces":[ "application/json" ], "parameters":[ { "in":"formData", "name":"idpTenantName", "description":"the customers' tenant name in the PaaS (only used if OIF is multi tenant enabled)", "type":"string" }, { "in":"formData", "name":"idpTenantURL", "description":"the customers' tenant URL path. (only used if OIF is multi tenant enabled; required)", "type":"string" }, { "in":"formData", "name":"spPartnerName", "description":"the partner name to be used", "type":"string" }, { "in":"formData", "name":"spProviderID", "description":"the SP's ProviderID", "type":"string" }, { "in":"formData", "name":"metadata", "description":"the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, metadataURL will be used", "type":"string" }, { "in":"formData", "name":"metadataURL", "description":"URL where the SP metadata can be downloaded", "type":"string" }, { "in":"formData", "name":"assertionConsumerURL", "description":"the SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion", "type":"string" }, { "in":"formData", "name":"logoutRequestURL", "description":"the URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML", "type":"string" }, { "in":"formData", "name":"logoutResponseURL", "description":"the URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse", "type":"string" }, { "in":"formData", "name":"signingCert", "description":"the Base64 encoded X.509 Signing Certificate used by the SP to sign messages", "type":"string" }, { "in":"formData", "name":"encryptionCert", "description":"the Base64 encoded X.509 Encryption Certificate used by the SP to decrypt encrypted SAML messages", "type":"string" }, { "in":"formData", "name":"nameIDFormat", "description":"the NameID format used during Federation SSO. If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user's ID", "type":"string" }, { "in":"formData", "name":"ssoProfile", "description":"the SAML 2.0 SSO profile to use", "type":"string", "enum":[ "artifact", "httppost" ] }, { "in":"formData", "name":"generateNewKeys", "description":"indicates whether or not new keys and corresponding self signed certificates should be generated for SAML operations, also indicates if new cryptographic materials should be re-generated", "type":"string", "enum":[ "true", "false" ] }, { "in":"formData", "name":"validityNewKeys", "description":"indicates the validity in days of the self signed certificates", "type":"string" }, { "in":"formData", "name":"preverify", "description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call", "type":"string", "default":"false" }, { "in":"formData", "name":"lastNameAttrName", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will not be set to firstname)", "type":"string" }, { "in":"formData", "name":"firstNameAttrName", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will not be set to lastname)", "type":"string" }, { "in":"formData", "name":"userNameAttrName", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will not be set to username)", "type":"string" }, { "in":"formData", "name":"emailAttrName", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will not be set to email)", "type":"string" }, { "in":"formData", "name":"staticAttrName", "description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required", "type":"string" }, { "in":"formData", "name":"staticAttrValue", "description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required", "type":"string" }, { "in":"formData", "name":"customAttrs", "description":"indicates a list of optional attributes (if missing, then the attribute will not be sent)", "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedsppartners-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedsppartners-post" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/ssoservice":{ "post":{ "tags":[ "OIFR1/SSO Service" ], "summary":"Configure SSO Service", "description":"The REST endpoint is used to configure SSO Service parameters.", "consumes":[ "multipart/form-data" ], "produces":[ "application/json" ], "parameters":[ { "in":"formData", "name":"spTenantName", "description":"the customers' tenant name in the targeted service", "type":"string" }, { "in":"formData", "name":"idpProviderID", "description":"providerID for IDP Partner", "type":"string" }, { "in":"formData", "name":"preverify", "description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the Federation service is correctly configured before the changes are performed in a subsequent call.", "type":"string" }, { "in":"formData", "name":"ssoFederation", "description":"indicates whether or not SSO should be enabled", "type":"string" }, { "in":"formData", "name":"ssoChooser", "description":"indicates whether or not SSO should be enabled, true or false (ONLY FOR OIF)", "type":"string" }, { "in":"formData", "name":"oamadminuser", "description":"the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF)", "type":"string" }, { "in":"formData", "name":"oamadminpassword", "description":"the password for the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF)", "type":"string" }, { "in":"formData", "name":"oamadminhost", "description":"the hostname where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF)", "type":"string" }, { "in":"formData", "name":"oamadminport", "description":"the port where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF)", "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-ssoservice-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-ssoservice-post" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/trustedidppartners":{ "post":{ "tags":[ "OIFR1/Trusted Partner/IDP Partner" ], "summary":"Create Partner", "description":"The REST endpoint service request is used to create trusted IDP Partner using FORM data.", "consumes":[ "multipart/form-data" ], "produces":[ "application/json" ], "parameters":[ { "in":"formData", "name":"spTenantName", "description":"the customer's tenant name in the targeted service. For example, the customer ACME Corp might be known in PaaS as acme and in Taleo as acmecorp. (only used if OIF is multi tenant enabled)", "type":"string" }, { "in":"formData", "name":"spTenantURL", "description":"the customers' tenant URL path. (only used if OIF is multi tenant enabled)", "type":"string" }, { "in":"formData", "name":"idpPartnerName", "description":"the partner name to be used", "type":"string" }, { "in":"formData", "name":"idpProviderID", "description":"the IdP's ProviderID", "type":"string" }, { "in":"formData", "name":"metadata", "description":"the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, idpmetadataurl will be used. If missing, the assertionConsumerServiceArtifactURL, assertionConsumerServicePOSTURL, logoutRequestURL, logoutResponseURL, signingCert and encryptionCert fields must be set, otherwise those fields will be ignored", "type":"string" }, { "in":"formData", "name":"metadataURL", "description":"URL where the IdP metadata can be downloaded", "type":"string" }, { "in":"formData", "name":"ssoURL", "description":"the SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile", "type":"string" }, { "in":"formData", "name":"ssoSOAPURL", "description":"the SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile", "type":"string" }, { "in":"formData", "name":"logoutRequestURL", "description":"the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML", "type":"string" }, { "in":"formData", "name":"logoutResponseURL", "description":"the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse", "type":"string" }, { "in":"formData", "name":"signingCert", "description":"the Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions", "type":"string" }, { "in":"formData", "name":"encryptionCert", "description":"the Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages", "type":"string" }, { "in":"formData", "name":"succinctID", "description":"the SHA-1 hash of the ProviderID. It is a mandatory field in case of artifact response.", "type":"string" }, { "in":"formData", "name":"nameIDFormat", "description":"the NameID format used during Federation SSO, emailaddress or unspecified. If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user's ID", "type":"string", "enum":[ "emailaddress", "unspecified" ] }, { "in":"formData", "name":"attributeLDAP", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping", "type":"string" }, { "in":"formData", "name":"attributeSAML", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping", "type":"string" }, { "in":"formData", "name":"ssoProfile", "description":"the SAML 2.0 SSO profile to use", "type":"string", "enum":[ "artifact", "httppost" ] }, { "in":"formData", "name":"faWelcomePage", "description":"the default relay state to set in that IdP partner entry", "type":"string" }, { "in":"formData", "name":"generateNewKeys", "description":"indicates whether or not new keys and corresponding self signed certificates should be generated for SAML operations, indicates if new cryptographic materials should be re-generated", "type":"string", "enum":[ "true", "false" ] }, { "in":"formData", "name":"validityNewKeys", "description":"indicates the validity in days of the self signed certificates", "type":"string" }, { "in":"formData", "name":"preverify", "description":"will test the data-set of idp partner but will not create the actual partner if set to 'true'", "type":"string", "default":"false" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedidppartners-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-trustedidppartners-post" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/orchestratorservice":{ "post":{ "tags":[ "OIFR1/Orchestrator" ], "summary":"Orchestrator Service", "description":"The REST endpoint service request is used to create trusted IDP Partner using FORM data.", "consumes":[ "multipart/form-data" ], "produces":[ "application/json" ], "parameters":[ { "in":"formData", "name":"command", "description":"command for Orchestration to create trusted SP and IDP Partner the value should be 'setupSPAndIdPTrust')", "type":"string", "enum":[ "setupSPAndIdPTrust", "configureSSO", "configureTestSP" ] }, { "in":"formData", "name":"spresturl", "description":"the REST URL for the SP server", "type":"string" }, { "in":"formData", "name":"spadminuser", "description":"the WLS admin for the SP server", "type":"string" }, { "in":"formData", "name":"spadminpassword", "description":"the password for WLS admin for the SP server", "type":"string" }, { "in":"formData", "name":"spmetadataurl", "description":"URL where the SP metadata can be downloaded", "type":"string" }, { "in":"formData", "name":"idpPartnerName", "description":"the partner name to be used", "type":"string" }, { "in":"formData", "name":"sptype", "description":"the type of SP being configured ", "type":"string" }, { "in":"formData", "name":"idpresturl", "description":"the REST URL for the IdP server", "type":"string" }, { "in":"formData", "name":"idpadminuser", "description":"the WLS admin for the IdP server", "type":"string" }, { "in":"formData", "name":"idpadminpassword", "description":"the password for WLS admin for the IdP server", "type":"string" }, { "in":"formData", "name":"idpmetadataurl", "description":"URL where the IdP metadata can be downloaded", "type":"string" }, { "in":"formData", "name":"idptype", "description":"

the type of IDP to being configured:

NOTE: If emailaddress, then the NameID value of an Assertion created by the IdP will contain t IdP he user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user ID. This will be sent to the remote SP partner REST service

", "type":"string" }, { "in":"formData", "name":"nameIDFormat", "description":"the NameID format used during Federation SSO", "type":"string", "enum":[ "emailaddress", "unspecified" ] }, { "in":"formData", "name":"ssoProfile", "description":"the SAML 2.0 SSO profile to use", "type":"string", "enum":[ "artifact", "httppost" ] }, { "in":"formData", "name":"spPartnerName", "description":"the partner name to be used", "type":"string" }, { "in":"formData", "name":"lastNameAttrName", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)", "type":"string" }, { "in":"formData", "name":"firstNameAttrName", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)", "type":"string" }, { "in":"formData", "name":"userNameAttrName", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)", "type":"string" }, { "in":"formData", "name":"emailAttrName", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)", "type":"string" }, { "in":"formData", "name":"idpmetadata", "description":"the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, metadataURL will be used", "type":"string" }, { "in":"formData", "name":"spmetadata", "description":"the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, spmetadataurl will be used", "type":"string" }, { "in":"formData", "name":"ssoURL", "description":"the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service", "type":"string" }, { "in":"formData", "name":"ssoSOAPURL", "description":"the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service", "type":"string" }, { "in":"formData", "name":"assertionConsumerURL", "description":"the SP SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion", "type":"string" }, { "in":"formData", "name":"idpLogoutRequestURL", "description":"the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML . This will be sent to the remote SP partner REST service", "type":"string" }, { "in":"formData", "name":"spLogoutRequestURL", "description":"the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML", "type":"string" }, { "in":"formData", "name":"idpLogoutResponseURL", "description":"the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse. This will be sent to the remote SP partner REST service", "type":"string" }, { "in":"formData", "name":"spLogoutResponseURL", "description":"the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse", "type":"string" }, { "in":"formData", "name":"idpProviderID", "description":"the IdP's ProviderID. This will be sent to the remote SP partner REST service succinctID: the SHA-1 hash of the IdP's ProviderID", "type":"string" }, { "in":"formData", "name":"spProviderID", "description":"Provider ID of the SP Partner", "type":"string" }, { "in":"formData", "name":"succinctID", "description":"the SHA-1 hash of the IdP's ProviderID", "type":"string" }, { "in":"formData", "name":"idpSigningCert", "description":"the IdP Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions. This will be sent to the remote SP partner REST service", "type":"string" }, { "in":"formData", "name":"spSigningCert", "description":"the Base64 encoded X.509 SP Signing Certificate used by the SP to sign messages", "type":"string" }, { "in":"formData", "name":"idpEncryptionCert", "description":"IdP the Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages. This will be sent to the remote SP partner REST service", "type":"string" }, { "in":"formData", "name":"spEncryptionCert", "description":"the Base64 encoded X.509 SP Encryption Certificate used by the SP to decrypt encrypted SAML messages", "type":"string" }, { "in":"formData", "name":"attributeSAML", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping", "type":"string" }, { "in":"formData", "name":"attributeLDAP", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping", "type":"string" }, { "in":"formData", "name":"faWelcomePage", "description":"the default relay state to set in that will be used by the SP(optional)", "type":"string" }, { "in":"formData", "name":"oamadminuser", "description":"the WLS admin for the SP server", "type":"string" }, { "in":"formData", "name":"oamadminpassword", "description":"the password for WLS admin for the SP server", "type":"string" }, { "in":"formData", "name":"oamadminhost", "description":"the hostname where WLS Admin server is installed", "type":"string" }, { "in":"formData", "name":"oamadminport", "description":"the port where WLS Admin server is installed", "type":"string" }, { "in":"formData", "name":"staticAttrName", "description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required", "type":"string" }, { "in":"formData", "name":"staticAttrValue", "description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required", "type":"string" }, { "in":"formData", "name":"customAttrs", "description":"indicates a list of optional attributes should be sent (if missing, then the attribute will not be sent)", "type":"string" }, { "in":"formData", "name":"ssoFederation", "description":"indicates whether or not SSO should be enabled", "type":"string", "enum":[ "true", "false" ] }, { "in":"formData", "name":"ssoChooser", "description":"indicates whether or not SSO should be enabled", "type":"string", "enum":[ "true", "false" ] }, { "in":"formData", "name":"ssoMobile", "description":"Mobile SSO for the SP Partner", "type":"string" }, { "in":"formData", "name":"preverify", "description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service", "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/statusResponse" } }, "400":{ "description":"Bad Request." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-orchestratorservice-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-orchestratorservice-post" } }, "/oam/services/rest/11.1.2.0.0/fed/admin/orchestrator":{ "post":{ "tags":[ "R2PS3 | 12C/Orchestrator" ], "summary":"Orchestrator Service", "description":"The orchestrator is a service that can be used to configure two Federation servers together:", "consumes":[ "application/json", "application/xml", "text/xml" ], "produces":[ "application/json" ], "parameters":[ { "in":"body", "name":"body", "description":"IDP and SP Partner Info", "required":true, "schema":{ "$ref":"#/definitions/OrchestratorInput" } } ], "responses":{ "200":{ "description":"OK" }, "400":{ "description":"Bad Request. Returned when you try to orchestrate for a service instance where the Identity Federation is not enabled." }, "500":{ "description":"INTERNAL SERVER ERROR. " } }, "x-internal-id":"oam-services-rest-11.1.2.0.0-fed-admin-orchestrator-post", "x-filename-id":"oam-services-rest-11.1.2.0.0-fed-admin-orchestrator-post" } }, "/oam/services/rest/v1/fed/partners/sp/{partnerName}":{ "post":{ "tags":[ "Trusted Partner V1/Partner Config/SP Partner" ], "summary":"Update Partner config", "description":"Update service provider config of the given partner, using API Key for authentication, API key will be securely communicated offline by respective admin using which the rest API can be called.", "consumes":[ "application/json" ], "produces":[ "application/json" ], "parameters":[ { "name":"partnerName", "in":"path", "description":"Name of the partner", "required":true, "type":"string" }, { "name":"partnerConfigBody", "in":"body", "description":"PartnerConfigBody", "required":true, "schema":{ "$ref":"#/definitions/PartnerConfigBody" } } ], "responses":{ "200":{ "description":"OK" }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Service provider config missing for the given partner name" } }, "security":[ { "ApiKeyQuery":[ ] } ], "x-internal-id":"oam-services-rest-v1-fed-partners-sp-{partnerName}-post", "x-filename-id":"oam-services-rest-v1-fed-partners-sp-partnername-post" } }, "/oam/services/rest/v1/fed/partners/idp/{partnerName}":{ "post":{ "tags":[ "Trusted Partner V1/Partner Config/IDP Partner" ], "summary":"Update Partner config", "description":"Update identity provider config of the given partner, using API Key for authentication, API key will be securely communicated offline by respective admin using which the rest API can be called.", "consumes":[ "application/json" ], "produces":[ "application/json" ], "parameters":[ { "name":"partnerName", "in":"path", "description":"Name of the partner", "required":true, "type":"string" }, { "name":"partnerConfigBody", "in":"body", "description":"PartnerConfigBody", "required":true, "schema":{ "$ref":"#/definitions/PartnerConfigBody" } } ], "responses":{ "200":{ "description":"OK" }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Service provider config missing for the given partner name" } }, "security":[ { "ApiKeyQuery":[ ] } ], "x-internal-id":"oam-services-rest-v1-fed-partners-idp-{partnerName}-post", "x-filename-id":"oam-services-rest-v1-fed-partners-idp-partnername-post" } }, "/oam/services/rest/v1/fed/admin/partners/sp/{partnerName}/apikey":{ "post":{ "tags":[ "Trusted Partner V1/API Key/SP Partner" ], "summary":"Update Partner API Key", "description":"SP partner API Key will get created/updated, using admin credential authentication, API Key will be used for authentication", "produces":[ "application/json" ], "parameters":[ { "name":"partnerName", "in":"path", "description":"Name of the partner", "required":true, "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/PartnerApiKeyInfo" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Service provider config missing for the given partner Name" } }, "x-internal-id":"oam-services-rest-v1-fed-admin-partners-sp-{partnerName}-apikey-post", "x-filename-id":"oam-services-rest-v1-fed-admin-partners-sp-partnername-apikey-post" }, "get":{ "tags":[ "Trusted Partner V1/API Key/SP Partner" ], "summary":"View Partner API Key", "description":"Retrieve sp partner API Key, using admin credential authentication", "produces":[ "application/json" ], "parameters":[ { "name":"partnerName", "in":"path", "description":"Name of the partner", "required":true, "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/PartnerApiKeyInfo" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Service provider config missing for the given partner Name" } }, "x-internal-id":"oam-services-rest-v1-fed-admin-partners-sp-{partnerName}-apikey-get", "x-filename-id":"oam-services-rest-v1-fed-admin-partners-sp-partnername-apikey-get" } }, "/oam/services/rest/v1/fed/admin/partners/idp/{partnerName}/apikey":{ "post":{ "tags":[ "Trusted Partner V1/API Key/IDP Partner" ], "summary":"Update Partner API Key", "description":"IDP partner API Key will get created/updated, using admin credential authentication, API Key will be used for authentication", "produces":[ "application/json" ], "parameters":[ { "name":"partnerName", "in":"path", "description":"Name of the partner", "required":true, "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/PartnerApiKeyInfo" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Service provider config missing for the given partner Name" } }, "x-internal-id":"oam-services-rest-v1-fed-admin-partners-idp-{partnerName}-apikey-post", "x-filename-id":"oam-services-rest-v1-fed-admin-partners-idp-partnername-apikey-post" }, "get":{ "tags":[ "Trusted Partner V1/API Key/IDP Partner" ], "summary":"View Partner API Key", "description":"Retrieve idp partner API Key, using admin credential authentication", "produces":[ "application/json" ], "parameters":[ { "name":"partnerName", "in":"path", "description":"Name of the partner", "required":true, "type":"string" } ], "responses":{ "200":{ "description":"OK", "schema":{ "$ref":"#/definitions/PartnerApiKeyInfo" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Service provider config missing for the given partner Name" } }, "x-internal-id":"oam-services-rest-v1-fed-admin-partners-idp-{partnerName}-apikey-get", "x-filename-id":"oam-services-rest-v1-fed-admin-partners-idp-partnername-apikey-get" } } }, "definitions":{ "statusResponse":{ "description":"Status Response", "properties":{ "status":{ "type":"integer", "format":"int32", "description":"Status Code: 1 for success and 0 for failure" }, "statusMessage":{ "type":"string", "description":"Status Message" } } }, "testSPInput":{ "description":"Test SP SSO Input", "type":"object", "properties":{ "enabled":{ "type":"string", "description":"Test SP SSO enable/disable flag", "enum":[ "true", "false" ] } }, "xml":{ "name":"testSPInput" } }, "configureFedGlobalInput":{ "description":"Configure Fed Global parameters signatureDigestAlgorithm, signingKeystoreAccessTemplateId, encryptionKeystoreAccessTemplateId", "type":"object", "properties":{ "signatureDigestAlgorithm":{ "type":"string", "description":"signatureDigestAlgorithm - fedglobal setting parameter" }, "signingKeystoreAccessTemplateId":{ "type":"string", "description":"signingKeystoreAccessTemplateId - fedglobal setting parameter" }, "encryptionKeystoreAccessTemplateId":{ "type":"string", "description":"encryptionKeystoreAccessTemplateId - fedglobal setting parameter" } }, "xml":{ "name":"testSPInput" } }, "ConfigureSSOInput":{ "description":"These parameters can be used to configure SSO service.", "type":"object", "required":[ "spTenantName", "idpProviderID", "preverify", "ssoFederation", "ssoChooser", "oamAdminUser", "oamAdminPassword", "oamAdminHost", "oamAdminPort", "oamLogoutDoneURL", "idpLabelLoginPage" ], "properties":{ "spTenantName":{ "type":"string", "description":"the customers' tenant name in the targeted service" }, "idpProviderID":{ "type":"string", "description":"provider ID for the IDP Partner" }, "preverify":{ "type":"string", "description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the Federation service is correctly configured before the changes are performed in a subsequent call." }, "ssoFederation":{ "type":"string", "description":"indicates whether or not SSO should be enabled" }, "ssoChooser":{ "type":"string", "description":"indicates whether or not SSO should be enabled, true or false (ONLY FOR OIF)" }, "oamAdminUser":{ "type":"string", "description":"the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF)" }, "oamAdminPassword":{ "type":"string", "description":"the password for the WLS Admin username used to issue an OAM admin command. Only used in FA Dedicated deployments (ONLY FOR OIF)" }, "oamAdminHost":{ "type":"string", "description":"the hostname where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF)" }, "oamAdminPort":{ "type":"string", "description":"the port where WLS Admin server is installed. Only used in FA Dedicated deployments (ONLY FOR OIF)" }, "oamLogoutDoneURL":{ "type":"string", "description":"the URL where the user should be redirected after the logout is done (ONLY FOR OIF)" }, "idpLabelLoginPage":{ "type":"string", "description":"the label that will be used on the button to start Federation SSO on the Chooser Login page, when the customer uses disjoint population, where some must do Federation SSO and others must do local login for authentication (ONLY FOR OIF)" } }, "xml":{ "name":"ConfigureSSOInput" } }, "ssoOutput":{ "description":"Status Response", "properties":{ "ssoFederation":{ "type":"string", "description":"Indicates whether or not Federation SSO is enabled" }, "ssoChooser":{ "type":"string", "description":"Indicates whether or not Federation SSO is enabled, true or false (ONLY FOR OIF)" }, "oamLogoutDoneURL":{ "type":"string", "description":"The URL where the user should be redirected after the logout is done (ONLY FOR OIF)" } } }, "partnerInfo":{ "description":"Partner info", "type":"object", "properties":{ "metadataB64":{ "type":"string", "description":"Metadata Base64 encoded String" }, "partnerName":{ "type":"string", "description":"Partner name for the Partner" }, "nameIDFormat":{ "type":"string", "description":"NameID Format for the Partner" }, "ssoProfile":{ "type":"string", "description":"SSO Profile for the Partner" }, "providerID":{ "type":"string", "description":"ProviderID for the Partner" }, "assertionConsumerURL":{ "type":"string", "description":"AssertionConsumerURL for the Partner" }, "logoutRequestURL":{ "type":"string", "description":"LogoutRequestURL for the Partner" }, "logoutResponseURL":{ "type":"string", "description":"LogoutResponseURL for the Partner" }, "adminManualCreation":{ "type":"string", "description":"adminManualCreation for the Partner" }, "displaySigningCertDN":{ "type":"string", "description":"DisplaySigningCertDN for the Partner" }, "displaySigningCertIssuerDN":{ "type":"string", "description":"DisplaySigningCertIssuerDN for the Partner" }, "displaySigningCertStart":{ "type":"string", "description":"DisplaySigningCertStart for the Partner" }, "displaySigningCertExpiration":{ "type":"string", "description":"DisplaySigningCertExpiration for the Partner" }, "displayEncryptionCertDN":{ "type":"string", "description":"DisplayEncryptionCertDN for the Partner" }, "displayEncryptionCertIssuerDN":{ "type":"string", "description":"DisplayEncryptionCertIssuerDN for the Partner" }, "displayEncryptionCertStart":{ "type":"string", "description":"DisplayEncryptionCertStart for the Partner" }, "displayEncryptionCertExpiration":{ "type":"string", "description":"DisplayEncryptionCertExpiration for the Partner" } } }, "idpPartnerData":{ "description":"Data-Set of IDP Partner", "type":"object", "properties":{ "metadataB64":{ "type":"string", "description":"the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, idpmetadataurl will be used. If missing, the assertionConsumerServiceArtifactURL, assertionConsumerServicePOSTURL, logoutRequestURL, logoutResponseURL, signingCert and encryptionCert fields must be set, otherwise those fields will be ignored" }, "metadataURL":{ "type":"string", "description":"URL where the IdP metadata can be downloaded" }, "partnerType":{ "type":"string", "description":"Partner Type", "enum":[ "idp" ] }, "tenantName":{ "type":"string", "description":"the customer's tenant name in the targeted service. For example, the customer ACME Corp might be known in PaaS as acme and in Taleo as acmecorp. (only used if OIF is multi tenant enabled)" }, "tenantURL":{ "type":"string", "description":"the customers' tenant URL path. (only used if OIF is multi tenant enabled)" }, "partnerName":{ "type":"string", "description":"the partner name to be used" }, "nameIDFormat":{ "type":"string", "description":"the NameID format used during Federation SSO, emailaddress or unspecified. If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user's ID", "enum":[ "emailaddress", "unspecified" ] }, "ssoProfile":{ "type":"string", "description":"the SAML 2.0 SSO profile to use", "enum":[ "artifact", "httppost" ] }, "attributeLDAP":{ "type":"string", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping" }, "attributeSAML":{ "type":"string", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping" }, "faWelcomePage":{ "type":"string", "description":"the default relay state to set in that IdP partner entry" }, "generateNewKeys":{ "type":"string", "description":"indicates whether or not new keys and corresponding self signed certificates should be generated for SAML operations, indicates if new cryptographic materials should be re-generated", "enum":[ "true", "false" ] }, "validityNewKeys":{ "type":"string", "description":"indicates the validity in days of the self signed certificates" }, "preverify":{ "type":"boolean", "description":"will test the data-set of idp partner but will not create the actual partner if set to 'true'" }, "providerID":{ "type":"string", "description":"the IdP's ProviderID" }, "ssoURL":{ "type":"string", "description":"the SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile" }, "ssoSOAPURL":{ "type":"string", "description":"the SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile" }, "logoutRequestURL":{ "type":"string", "description":"the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML" }, "logoutResponseURL":{ "type":"string", "description":"the URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse" }, "assertionConsumerURL":{ "type":"string", "description":"the URL that will be used by the IdP to redirect the user to the SP for the SSO Artifact profile with the SAML Artifact" }, "succinctID":{ "type":"string", "description":"the SHA-1 hash of the ProviderID" }, "signingCert":{ "type":"string", "description":"the Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions" }, "encryptionCert":{ "type":"string", "description":"the Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages" }, "signatureDigestAlgorithm":{ "type":"string", "description":"indicates SAML signature hashing algorithm to be used. Possible values are SHA-1 or SHA-256. The default value is SHA-1 if this parameter has not been set" }, "signingKeystoreAccessTemplateId":{ "type":"string", "description":"indicates the Keystore access template id to be used in signing certificate. The default value is osts_signing if this parameter has not been set" }, "encryptionKeystoreAccessTemplateId":{ "type":"string", "description":"indicates the Keystore access template id to be used in encryption certificate. The default value is osts_encryption if this parameter has not been set" }, "adminFedInstanceType":{ "type":"string", "description":"adminFedInstanceType for the IDP Partner" } } }, "spPartnerData":{ "description":"Data-Set of SP Partner", "type":"object", "properties":{ "metadataB64":{ "type":"string", "description":"the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, metadataURL will be used" }, "metadataURL":{ "type":"string", "description":"URL where the SP metadata can be downloaded" }, "partnerType":{ "type":"string", "description":"Partner Type", "enum":[ "sp" ] }, "tenantName":{ "type":"string", "description":"the customers' tenant name in the PaaS (only used if OIF is multi tenant enabled)" }, "tenantURL":{ "type":"string", "description":": the customers' tenant URL path. (only used if OIF is multi tenant enabled; required)" }, "partnerName":{ "type":"string", "description":"the partner name to be used" }, "nameIDFormat":{ "type":"string", "description":"the NameID format used during Federation SSO. If emailaddress, then the NameID value of an Assertion created by the IdP will contain the user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user's ID", "enum":[ "emailaddress", "unspecified" ] }, "ssoProfile":{ "type":"string", "description":"the SAML 2.0 SSO profile to use", "enum":[ "httppost", "artifact" ] }, "generateNewKeys":{ "type":"string", "description":"indicates whether or not new keys and corresponding self signed certificates should be generated for SAML operations, also indicates if new cryptographic materials should be re-generated", "enum":[ "true", "false" ] }, "validityNewKeys":{ "type":"string", "description":"indicates the validity in days of the self signed certificates" }, "preverify":{ "type":"string", "description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call" }, "providerID":{ "type":"string", "description":"the SP's ProviderID" }, "ssoURL":{ "type":"string", "description":"the SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile" }, "ssoSOAPURL":{ "type":"string", "description":"SSO SOAP URL for the SP Partner" }, "logoutRequestURL":{ "type":"string", "description":"the URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML" }, "logoutResponseURL":{ "type":"string", "description":"the URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse" }, "assertionConsumerURL":{ "type":"string", "description":"the SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion" }, "signingCert":{ "type":"string", "description":"the Base64 encoded X.509 Signing Certificate used by the SP to sign messages" }, "encryptionCert":{ "type":"string", "description":"the Base64 encoded X.509 Encryption Certificate used by the SP to decrypt encrypted SAML messages" }, "lastNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will not be set to firstname)" }, "firstNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will not be set to lastname)" }, "userNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will not be set to username)" }, "emailAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will not be set to email)" }, "staticAttrName":{ "type":"string", "description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required" }, "staticAttrValue":{ "type":"string", "description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required" }, "customAttrsStr":{ "type":"string", "description":"indicates a list of optional attributes (if missing, then the attribute will not be sent)" }, "signatureDigestAlgorithm":{ "type":"string", "description":"indicates SAML signature hashing algorithm to be used. Possible values are SHA-1 or SHA-256. The default value is SHA-1 if this parameter has not been set" }, "signingKeystoreAccessTemplateId":{ "type":"string", "description":"indicates the Keystore access template id to be used in signing certificate. The default value is osts_signing if this parameter has not been set" }, "encryptionKeystoreAccessTemplateId":{ "type":"string", "description":"indicates the Keystore access template id to be used in encryption certificate. The default value is osts_encryption if this parameter has not been set" }, "adminFedInstanceType":{ "type":"string", "description":"indicates the type of Federation partner", "enum":[ "facloud", "onpremise" ] } } }, "OrchestratorInput":{ "type":"object", "description":"Data-Set of IDP and SP Partner", "properties":{ "idpPartnerInfo":{ "type":"object", "description":"IDP Partner Info.", "properties":{ "metadataB64":{ "type":"string", "description":"the Base64 encoded metadata of the IdP server that will be sent to the SP. If not specified, metadataURL will be used" }, "metadataURL":{ "type":"string", "description":"URL where the IdP metadata can be downloaded" }, "partnerType":{ "type":"string", "description":"

the type of IDP to being configured:

NOTE: If emailaddress, then the NameID value of an Assertion created by the IdP will contain t IdP he user's email address; if unspecified, then the NameID value of an Assertion created by the IdP will contain the user ID. This will be sent to the remote SP partner REST service

", "enum":[ "emailaddres", "unspecified" ] }, "partnerName":{ "type":"string", "description":"the partner name to be used" }, "tenantName":{ "type":"string", "description":"the tenant name for this IdP in the SP Multi tenant system (if the SP it MT aware)" }, "tenantURL":{ "type":"string", "description":"the tenant URL path for this IdP in the SP Multi tenant system(if the SP it MT aware)" }, "tenantKeyName":{ "type":"string", "description":"tenant key name for IDP Partner" }, "tenantKeyValue":{ "type":"string", "description":"tenant key value for IDP Partner" }, "nameIDFormat":{ "type":"string", "description":"the NameID format used during Federation SSO", "enum":[ "emailaddress", "unspecified" ] }, "ssoProfile":{ "type":"string", "description":"the SAML 2.0 SSO profile to use", "enum":[ "artifact", "httppost" ] }, "attributeLDAP":{ "type":"string", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping" }, "attributeSAML":{ "type":"string", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping" }, "faWelcomePage":{ "type":"string", "description":"the default relay state to set in that will be used by the SP(optional)" }, "generateNewKeys":{ "type":"string", "description":"indicates whether or not new keys and corresponding self signed certificates should be generated by IdP for SAML operations. This will be sent to the remote SP partner REST service (optional). Also indicates if new cryptographic materials should be re-generated (true or false)", "enum":[ "true", "false" ] }, "validityNewKeys":{ "type":"string", "description":"indicates the validity in days of the self signed certificates" }, "preverify":{ "type":"boolean", "description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service" }, "providerID":{ "type":"string", "description":"the IdP's ProviderID. This will be sent to the remote SP partner REST service succinctID: the SHA-1 hash of the IdP's ProviderID" }, "ssoURL":{ "type":"string", "description":"the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service" }, "ssoSOAPURL":{ "type":"string", "description":"the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service" }, "logoutRequestURL":{ "type":"string", "description":"the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML . This will be sent to the remote SP partner REST service" }, "logoutResponseURL":{ "type":"string", "description":"the IdP URL that will be used by the SP to redirect the user to the IdP for the Logout Redirect profile with the SAML LogoutResponse. This will be sent to the remote SP partner REST service" }, "assertionConsumerURL":{ "type":"string", "description":"the SP SAML 2.0 Assertion Consumer service URL where the user will be redirected by the IdP with a SAML 2.0 Assertion" }, "succinctID":{ "type":"string", "description":"the SHA-1 hash of the IdP's ProviderID" }, "signingCert":{ "type":"string", "description":"the IdP Base64 encoded X.509 Signing Certificate used by the IdP to sign messages or assertions. This will be sent to the remote SP partner REST service" }, "encryptionCert":{ "type":"string", "description":"IdP the Base64 encoded X.509 Encryption Certificate used by the IdP to decrypt encrypted SAML messages. This will be sent to the remote SP partner REST service" }, "lastNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)" }, "firstNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)" }, "userNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)" }, "emailAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)" }, "staticAttrName":{ "type":"string", "description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required" }, "staticAttrValue":{ "type":"string", "description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required" }, "customAttrsStr":{ "type":"string", "description":"indicates a list of optional attributes should be sent by the IdP (if missing, then the attribute will not be sent)" }, "ssoMobile":{ "type":"string", "description":"Mobile SSO for the IDP Partner" }, "ssoChooser":{ "type":"string", "description":"indicates whether or not SSO should be enabled", "enum":[ "true", "false" ] }, "ssoFederation":{ "type":"string", "description":"indicates whether or not SSO should be enabled", "enum":[ "true", "false" ] }, "oamLogoutDoneURL":{ "type":"string", "description":"OAM Logout for the IDP Partner" }, "oamAdminUser":{ "type":"string", "description":"the WLS Admin username used to issue an OAM admin command" }, "oamAdminPassword":{ "type":"string", "description":"the password for the WLS Admin username used to issue an OAM admin command" }, "oamAdminHost":{ "type":"string", "description":"the hostname where WLS Admin server is installed" }, "oamAdminPort":{ "type":"integer", "description":"the port where WLS Admin server is installed" }, "adminFedInstanceType":{ "type":"string", "description":"indicates the type of Federation partner

NOTE: 'facloud': represents an FA SaaS Cloud OIF server, 'onpremise': represents a customer owned Federation server

", "enum":[ "facloud", "onpremise" ] } } }, "spPartnerInfo":{ "type":"object", "description":"SP Partner Info.", "properties":{ "metadataB64":{ "type":"string", "description":"the Base64 encoded metadata of the SP server that will be sent to the IdP. If not specified, spmetadataurl will be used" }, "metadataURL":{ "type":"string", "description":"URL where the SP metadata can be downloaded" }, "partnerType":{ "type":"string", "description":"the type of SP being configured " }, "partnerName":{ "type":"string", "description":"the partner name to be used" }, "tenantName":{ "type":"string", "description":"the tenant name for this IdP in the SP Multi tenant system (if the SP it MT aware)" }, "tenantURL":{ "type":"string", "description":"the tenant URL path for this IdP in the SP Multi tenant system(if the SP it MT aware)" }, "tenantKeyName":{ "type":"string", "description":"" }, "tenantKeyValue":{ "type":"string", "description":"" }, "nameIDFormat":{ "type":"string", "description":"the NameID format used during Federation SSO", "enum":[ "emailaddress", "unspecified" ] }, "ssoProfile":{ "type":"string", "description":"the SAML 2.0 SSO profile to use (artifact or httppost)", "enum":[ "artifact", "httppost" ] }, "attributeLDAP":{ "type":"string", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the LDAP attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping" }, "attributeSAML":{ "type":"string", "description":"indicates if mapping of the Assertion will be done via a SAML Attribute. This parameter indicates the SAML attribute to use. attributeLDAP and attributeSAML are both required for SAML attribute mapping to work. If specified, nameIDFormat is ignored for assertion mapping" }, "faWelcomePage":{ "type":"string", "description":"the default relay state to set in that will be used by the SP(optional)" }, "generateNewKeys":{ "type":"string", "description":"indicates whether or not new keys and corresponding self signed certificates should be generated by IdP for SAML operations. This will be sent to the remote SP partner REST service (optional). Also indicates if new cryptographic materials should be re-generated (true or false)", "enum":[ "true", "false" ] }, "validityNewKeys":{ "type":"string", "description":"indicates the validity in days of the self signed certificates" }, "preverify":{ "type":"boolean", "description":"boolean indicating if the call is to perform a pre-verification check. If true, the service will need to ensure the method can be invoked before the changes are performed in a subsequent call. This will be sent to the remote SP partner REST service" }, "providerID":{ "type":"string", "description":"Provider ID of the SP Partner" }, "ssoURL":{ "type":"string", "description":"the IdP SAML 2.0 Single Sign-On service URL where the user will be redirected by the SP with a SAML 2.0 AuthnRequest with Redirect profile. This will be sent to the remote SP partner REST service" }, "ssoSOAPURL":{ "type":"string", "description":"the IdP SAML 2.0 Single Sign-On service SOAP URL where the SP will send a SOAP request during the SSO Artifact profile. This will be sent to the remote SP partner REST service" }, "logoutRequestURL":{ "type":"string", "description":"the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML" }, "logoutResponseURL":{ "type":"string", "description":"the SP URL that will be used by the IdP to redirect the user to the SP for the Logout Redirect profile with the SAML LogoutResponse" }, "assertionConsumerURL":{ "type":"string", "description":"Assertion Consumer URL for the SP Partner" }, "succinctID":{ "type":"string", "description":"Succinct ID for the SP Partner" }, "signingCert":{ "type":"string", "description":"the Base64 encoded X.509 SP Signing Certificate used by the SP to sign messages" }, "encryptionCert":{ "type":"string", "description":"the Base64 encoded X.509 SP Encryption Certificate used by the SP to decrypt encrypted SAML messages" }, "lastNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's last name (if missing, then the attribute name will be set to firstname)" }, "firstNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's first name (if missing, then the attribute name will be set to lastname)" }, "userNameAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the userID (if missing, then the attribute name will be set to username)" }, "emailAttrName":{ "type":"string", "description":"indicates the SAML Attribute name to use in the SAML 2.0 Assertion when including the user's email (if missing, then the attribute name will be set to email)" }, "staticAttrName":{ "type":"string", "description":"indicates if a static attribute should be sent and how it should be referenced (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required" }, "staticAttrValue":{ "type":"string", "description":"indicates if a static attribute should be sent and what value should be used (if missing, then the attribute will not be sent). staticAttrName and staticAttrValue are required" }, "customAttrsStr":{ "type":"string", "description":"indicates a list of optional attributes should be sent (if missing, then the attribute will not be sent)" }, "ssoMobile":{ "type":"string", "description":"Mobile SSO for the SP Partner" }, "ssoChooser":{ "type":"string", "description":"indicates whether or not SSO should be enabled", "enum":[ "true", "false" ] }, "ssoFederation":{ "type":"string", "description":"indicates whether or not SSO should be enabled", "enum":[ "true", "false" ] }, "testSP":{ "type":"string", "description":"true or false to indicate if the Test SP App should be enabled/disabled", "enum":[ "true", "false" ] }, "oamLogoutDoneURL":{ "type":"string", "description":"OAM Logout URL for the SP Partner" }, "oamAdminUser":{ "type":"string", "description":"the WLS admin for the SP server" }, "oamAdminPassword":{ "type":"string", "description":"the password for WLS admin for the SP server" }, "oamAdminHost":{ "type":"string", "description":"the hostname where WLS Admin server is installed" }, "oamAdminPort":{ "type":"integer", "description":"the port where WLS Admin server is installed" }, "adminFedInstanceType":{ "type":"string", "description":"indicates the type of Federation partner

NOTE: 'facloud': represents an FA SaaS Cloud OIF server, 'onpremise': represents a customer owned Federation server

", "enum":[ "facloud", "onpremise" ] } } }, "idpRestURL":{ "type":"string", "description":"the REST URL for the IdP server" }, "idpAdmin":{ "type":"string", "description":"the WLS admin for the IdP server" }, "idpAdminPassword":{ "type":"string", "description":"the password for WLS admin for the IdP server" }, "spRestURL":{ "type":"string", "description":"the REST URL for the SP server" }, "spAdmin":{ "type":"string", "description":"the WLS admin for the SP server" }, "spAdminPassword":{ "type":"string", "description":"the password for WLS admin for the SP server" }, "command":{ "type":"string", "description":"command for the orchestration" } }, "xml":{ "name":"OrchestratorInput" } }, "PartnerConfigBody":{ "required":[ "encryption", "signing" ], "type":"object", "properties":{ "encryption":{ "$ref":"#/definitions/PartnerCertificate" }, "signing":{ "$ref":"#/definitions/PartnerCertificate" } } }, "PartnerCertificate":{ "required":[ "useCert" ], "type":"object", "properties":{ "useCert":{ "type":"string" } } }, "PartnerApiKeyInfo":{ "required":[ "apiKey" ], "type":"object", "properties":{ "apiKey":{ "type":"string" } } } }, "securityDefinitions":{ "ApiKeyHeader":{ "type":"apiKey", "in":"header", "name":"apiKey" }, "ApiKeyQuery":{ "type":"apiKey", "in":"query", "name":"apiKey" } } }