Update SAML Connection by Metadata URL

// PUT /v1/b2b/sso/saml/{organization_id}/connections/{connection_id}/url
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  organization_id: "${organizationId}",
  connection_id: "${samlConnectionId}",
  metadata_url: "${exampleIdpMetadataUrl}",
};

const options = {
  authorization: {
    session_token: '${sessionToken}',
  },
};

client.SSO.SAML.UpdateByURL(params, options)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "status_code": 123,
  "connection": {
    "organization_id": "<string>",
    "connection_id": "<string>",
    "status": "<string>",
    "idp_entity_id": "<string>",
    "display_name": "<string>",
    "idp_sso_url": "<string>",
    "acs_url": "<string>",
    "audience_uri": "<string>",
    "signing_certificates": [
      {
        "certificate_id": "<string>",
        "certificate": "<string>",
        "issuer": "<string>",
        "created_at": "<string>",
        "expires_at": "<string>",
        "updated_at": "<string>"
      }
    ],
    "verification_certificates": [
      {
        "certificate_id": "<string>",
        "certificate": "<string>",
        "issuer": "<string>",
        "created_at": "<string>",
        "expires_at": "<string>",
        "updated_at": "<string>"
      }
    ],
    "encryption_private_keys": [
      {
        "private_key_id": "<string>",
        "private_key": "<string>",
        "created_at": "<string>"
      }
    ],
    "saml_connection_implicit_role_assignments": [
      {
        "role_id": "<string>"
      }
    ],
    "saml_group_implicit_role_assignments": [
      {
        "role_id": "<string>",
        "group": "<string>"
      }
    ],
    "alternative_audience_uri": "<string>",
    "identity_provider": "<string>",
    "nameid_format": "<string>",
    "alternative_acs_url": "<string>",
    "idp_initiated_auth_disabled": true,
    "allow_gateway_callback": true,
    "attribute_mapping": {}
  }
}

PUT

b2b

sso

saml

{organization_id}

connections

{connection_id}

url

// PUT /v1/b2b/sso/saml/{organization_id}/connections/{connection_id}/url
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  organization_id: "${organizationId}",
  connection_id: "${samlConnectionId}",
  metadata_url: "${exampleIdpMetadataUrl}",
};

const options = {
  authorization: {
    session_token: '${sessionToken}',
  },
};

client.SSO.SAML.UpdateByURL(params, options)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "status_code": 123,
  "connection": {
    "organization_id": "<string>",
    "connection_id": "<string>",
    "status": "<string>",
    "idp_entity_id": "<string>",
    "display_name": "<string>",
    "idp_sso_url": "<string>",
    "acs_url": "<string>",
    "audience_uri": "<string>",
    "signing_certificates": [
      {
        "certificate_id": "<string>",
        "certificate": "<string>",
        "issuer": "<string>",
        "created_at": "<string>",
        "expires_at": "<string>",
        "updated_at": "<string>"
      }
    ],
    "verification_certificates": [
      {
        "certificate_id": "<string>",
        "certificate": "<string>",
        "issuer": "<string>",
        "created_at": "<string>",
        "expires_at": "<string>",
        "updated_at": "<string>"
      }
    ],
    "encryption_private_keys": [
      {
        "private_key_id": "<string>",
        "private_key": "<string>",
        "created_at": "<string>"
      }
    ],
    "saml_connection_implicit_role_assignments": [
      {
        "role_id": "<string>"
      }
    ],
    "saml_group_implicit_role_assignments": [
      {
        "role_id": "<string>",
        "group": "<string>"
      }
    ],
    "alternative_audience_uri": "<string>",
    "identity_provider": "<string>",
    "nameid_format": "<string>",
    "alternative_acs_url": "<string>",
    "idp_initiated_auth_disabled": true,
    "allow_gateway_callback": true,
    "attribute_mapping": {}
  }
}

RBAC Enforced APIIf a Member Session is passed in the Authorization headers, Stytch will enforce that the Member has permission to take the Action on the Resource prior to honoring the request.To learn more, see the RBAC guide.

A newly created connection will not become active until all the following are provided:

idp_sso_url
attribute_mapping (must be supplied via Update SAML Connection)
idp_identity_id
x509_certificates

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Headers

X-Stytch-Member-Session

string

A Stytch session that can be used to run the request with the given member's permissions.

X-Stytch-Member-SessionJWT

string

A Stytch Session JSON Web Token (JWT) that can be used to run the request with the given member's permissions.

Path Parameters

organization_id

string

required

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

connection_id

string

required

Globally unique UUID that identifies a specific SSO connection_id for a Member.

Body

application/json

Request type

metadata_url

string

required

A URL that points to the IdP metadata. This will be provided by the IdP.

Response

Successful response

request_id

string

required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code

integer<int32>

required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

connection

object

The SAML Connection Object

Show child attributes

⌘I