/icws/connection/single-sign-on/identity-providers/{identityProviderId}

Feature Version
connection 3

GET

/icws/connection/single-sign-on/identity-providers/{identityProviderId}

Starts the single sign-on process with the specified identity provider. Applications running in a web browser should not handle the responses directly and should instead allow the web browser to perform the necessary steps. Other applications should act on the HTTP status codes and headers and ignore the response body.

Request

Parameters
Type / Name / Comments
Template
identityProviderId

Required

An identifier specifying the identity provider.

    Header
    ININ-ICWS-Original-URL

    Specifies the URL that the client is using to request resources from the server through a proxy that is rewriting URLs to reach the server.

    Ideally, the client should not set this value. Instead, the proxy should set it with its authority if it is not specified by a previous proxy.

    Example: ININ-ICWS-Original-URL: https://proxy/api/server/icws/connection/version/

      Query
      singleSignOnCapabilities

      Required

      A comma-delimited list of client capabilities for single sign-on. The server uses this list to decide how to contact the identity provider through the client. The currently supported options are:

      • saml2Post - SAML 2.0 HTTP POST capability. Recommended for web browser-based applications.
      • saml2Redirect - SAML 2.0 HTTP redirect capability. Recommended for other types of applications.

      Example: singleSignOnCapabilities=saml2Redirect,saml2Post

        Query
        webBrowserApplicationOrigin

        Specifies the origin of the client running inside a web browser. This is used as the target origin for sending the token via window.postMessage.

        If not specified, the token will not be issued via window.postMessage for security reasons.

        For origins not using the standard HTTP ports (80 for HTTP and 443 for HTTPS), the port must be specified on the URL along with the scheme.

        For example, for an application running at https://applicationHost/theApplication, use webBrowserApplicationOrigin=https%3A%2F%2FapplicationHost.

          Query
          redirectUri

          After completing the single sign-on process, the ICWS server directs the client back to the URI specified by this parameter.

          When this process is used, the icws_sso_response cookie will be set on the redirect to the client. This cookie should be provided to GET /icws/connection/single-sign-on/response to retrieve the results from the single sign-on process.

          Feature Version
          connection 5

            Response

            200 - OK
            The server has sent an HTML page with information that must be sent to the identity provider. The resulting form on the HTML page should be automatically submitted to the identity provider using POST.
            Content-Type: text/html
            302 - Found
            The server has indicated that the identity provider is located at the specified location. The subsequent request should be issued with a new GET request.
            Parameters
            Type / Name / Comments
            Header
            Location

            Required

            Specifies the URL of the provider that the client should redirect to.

            Example: Location: https://identityProvider/login?singleSignOnRequest=dafsdt35rasdfad43674

              303 - See Other (since HTTP/1.1)
              The server has indicated that the identity provider is located at the specified location. The subsequent request should be issued with a new GET request.
              Parameters
              Type / Name / Comments
              Header
              Location

              Required

              Specifies the URL of the provider that the client should redirect to.

              Example: Location: https://identityProvider/login?singleSignOnRequest=dafsdt35rasdfad43674

                400 - Bad Request
                The request was invalid. This can occur when the message body is malformed or missing required items. This will also occur if a required header or query string parameter is missing or invalid.
                Content-Type: text/html
                404 - Not Found
                The specified identity provider does not exist.
                Content-Type: text/html
                500 - Internal Server Error
                An unexpected error occurred while processing the request.
                Content-Type: text/html
                410 - Gone
                This resource has been deprecated and removed from the API.
                error
                Provides additional detail for an error.
                Property / Value / Comments
                errorId
                String
                The error identifier that describes the current error.
                message
                String

                Required

                A message that describes the current error.
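
The request and response rules above, as an added example that is not part of the ICWS documentation: it builds the request URL with a correctly reduced webBrowserApplicationOrigin and decides the next step from the status code and headers alone. The host names, the provider id `idp-1`, the function names, the lower-cased header keys and the scheme check on Location are assumptions made for illustration.

```javascript
// Added example; server URL, provider id and application URL are constructed values.
const PATH = "/icws/connection/single-sign-on/identity-providers/";
const SUPPORTED = ["saml2Post", "saml2Redirect"]; // options listed on this page

// Value for webBrowserApplicationOrigin: scheme and host, with the port only
// when it is not the scheme's default. URL.origin drops the path and default ports.
function appOrigin(appUrl) {
  const u = new URL(appUrl);
  if (!["http:", "https:"].includes(u.protocol)) throw new Error("not a web origin");
  return u.origin;
}

function buildSsoUrl(server, identityProviderId, { capabilities, appUrl, redirectUri }) {
  const bad = capabilities.filter((c) => !SUPPORTED.includes(c));
  if (capabilities.length === 0 || bad.length) {
    throw new Error("unsupported or missing capability: " + bad.join(","));
  }
  // Capabilities are a fixed vocabulary, so the comma separator stays literal.
  const query = ["singleSignOnCapabilities=" + capabilities.join(",")];
  // Omitting appUrl means no token is issued via window.postMessage.
  if (appUrl) query.push("webBrowserApplicationOrigin=" + encodeURIComponent(appOrigin(appUrl)));
  if (redirectUri) query.push("redirectUri=" + encodeURIComponent(redirectUri));
  return server.replace(/\/+$/, "") + PATH +
    encodeURIComponent(identityProviderId) + "?" + query.join("&");
}

// Non-browser clients act on the status code and headers and ignore the body.
// `headers` is assumed to use lower-cased keys, as Node's http module provides.
function nextStep(status, headers, requestUrl) {
  if (status === 200) return { action: "render-html-form" }; // form auto-POSTs to the provider
  if (status === 302 || status === 303) {
    const location = headers["location"];
    if (!location) throw new Error("redirect without the required Location header");
    const target = new URL(location, requestUrl);
    // Added check (assumption, not an ICWS rule): follow only http(s) targets.
    if (!["http:", "https:"].includes(target.protocol)) throw new Error("unexpected scheme");
    return { action: "get", url: target.href }; // issue a new GET request
  }
  return { action: "error", status }; // 400, 404, 410, 500 or anything unexpected
}
```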