
Return All Connected Identity Providers


The federationSettings resource allows you to return all identity providers for a federated authentication configuration.

Required Roles

You must have the Organization Owner role for at least one connected organization in the federation configuration to call this endpoint.

Resource

GET /federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders/

Request Path Parameters

| Name | Type | Description |
|---|---|---|
| FEDERATION-SETTINGS-ID | string | Unique 24-hexadecimal digit string that identifies the federated authentication configuration. |

Request Query Parameters

The following query parameters are optional:

| Name | Type | Necessity | Description | Default |
|---|---|---|---|---|
| pageNum | number | Optional | One-based integer that returns a subsection of results. | 1 |
| itemsPerPage | number | Optional | Number of items to return per page, up to a maximum of 500. | 100 |
| pretty | boolean | Optional | | false |
| envelope | boolean | Optional | Flag that indicates whether or not to wrap the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope : true in the query. For endpoints that return a list of results, the results object is an envelope. Cloud Manager adds the status field to the response body. | false |
| protocol | string | Optional | The protocol(s) of the target IdPs. Possible values are SAML and OIDC. If this is not specified, this endpoint only returns SAML IdPs. | SAML |

Request Body Parameters

This endpoint doesn't use HTTP request body parameters.

Response

Response Document

The response JSON document includes an array of result objects, an array of link objects and a count of the total number of result objects retrieved.

| Name | Type | Description |
|---|---|---|
| results | array | Array includes one object for each item detailed in the results Embedded Document section. |
| links | array | Array includes one or more links to sub-resources and/or related resources. The relations between URLs are explained in the Web Linking Specification. |
| totalCount | number | Integer count of the total number of items in the result set. It may be greater than the number of objects in the results array if the entire result set is paginated. |

results Embedded Document

Each document in the results array contains the federated authentication configuration for each connected organization.

| Name | Type | Description |
|---|---|---|
| acsUrl | string | Assertion consumer service URL to which the IdP sends the SAML response. |
| associatedDomains | array | List that contains the configured domains from which users can log in for this IdP. |
| associatedOrgs | array | List that contains the organizations from which users can log in for this IdP. |
| audienceUri | string | Identifier for the intended audience of the SAML Assertion. |
| displayName | string | Human-readable label that identifies the IdP. |
| issuerUri | string | Identifier for the issuer of the SAML Assertion. |
| oktaIdpId | string | Unique 20-hexadecimal digit string that identifies the IdP. |
| pemFileInfo | array | List that contains the file information, including the start date and expiration date, for the identity provider's PEM-encoded public key certificate. |
| pemFileInfo.certificates | array | List that contains the start date and expiration date for the identity provider's PEM-encoded public key certificate. |
| pemFileInfo.fileName | string | Label that identifies the file containing the identity provider's PEM-encoded public key certificate. |
| requestBinding | string | SAML Authentication Request Protocol binding used to send the AuthNRequest. Cloud Manager supports the following binding values: HTTP POST, HTTP REDIRECT. |
| responseSignatureAlgorithm | string | Algorithm used to encrypt the IdP signature. Cloud Manager supports the following signature algorithm values: SHA-1, SHA-256. |
| ssoDebugEnabled | boolean | Flag that indicates whether the IdP has SSO debugging enabled. |
| ssoUrl | string | URL of the receiver of the SAML AuthNRequest. |
| status | string | Label that indicates whether the identity provider is active. The IdP is Inactive until you map at least one domain to the IdP. |

Example SAML Request

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --include \
     --request GET "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders"

Example SAML Response

{
  "links" : [ {
    "href" : "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders?pretty=true&pageNum=1&itemsPerPage=100",
    "rel" : "self"
  } ],
  "results" : [ {
    "acsUrl" : "https://example.mongodb.com/sso/saml2/12345678901234567890",
    "associatedDomains" : [ ],
    "associatedOrgs" : [ ],
    "audienceUri" : "https://www.example.com/saml2/service-provider/abcdefghij1234567890",
    "displayName" : "Test",
    "issuerUri" : "urn:123456789000.us.provider.com",
    "oktaIdpId" : "1234567890abcdefghij",
    "pemFileInfo" : {
      "certificates" : [ {
        "notAfter" : "2035-09-29T15:03:55Z",
        "notBefore" : "2022-01-20T15:03:55Z"
      } ],
      "fileName" : "file.pem"
    },
    "requestBinding" : "HTTP-POST",
    "responseSignatureAlgorithm" : "SHA-256",
    "ssoDebugEnabled" : true,
    "ssoUrl" : "https://123456789000.us.provider.com/samlp/12345678901234567890123456789012",
    "status" : "INACTIVE"
  } ],
  "totalCount" : 1
}

Example OIDC Request

curl --user "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest \
     --header "Accept: application/json" \
     --header "Content-Type: application/json" \
     --include \
     --request GET "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders?protocol=OIDC"

Example OIDC Response

{
  "links" : [ {
    "href" : "https://cloud.mongodb.com/api/public/v1.0/federationSettings/{FEDERATION-SETTINGS-ID}/identityProviders?pretty=true&pageNum=1&itemsPerPage=100",
    "rel" : "self"
  } ],
  "results" : [ {
    "associatedDomains" : [ ],
    "associatedOrgs" : [ ],
    "audienceClaim" : [ "audience" ],
    "clientId" : "clientId",
    "description" : "OIDC IdP response example",
    "displayName" : "OIDC IdP",
    "groupsClaim" : "groups",
    "id" : "32b6e34b3d91647abb20e7b8",
    "issuerUri" : "issuer.com",
    "oktaIdpId" : null,
    "protocol" : "OIDC",
    "requestedScopes" : [ "scopes" ],
    "userClaim" : "sub"
  } ],
  "totalCount" : 1
}
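
An added example, not part of the MongoDB documentation: a Python check over one page of this endpoint's SAML response that flags SHA-1 response signatures, enabled SSO debugging, and expired or soon-to-expire IdP certificates, plus the number of pages to request from totalCount. The sample document is constructed from the response example above; `audit_idps`, `pages_needed`, the "Legacy" IdP and the 30-day warning window are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: one page of SAML results, modelled on this page's
# response example. The second IdP ("Legacy") is invented for illustration.
SAMPLE_PAGE = json.loads("""
{"results": [
  {"displayName": "Test", "oktaIdpId": "1234567890abcdefghij",
   "pemFileInfo": {"certificates": [{"notAfter": "2035-09-29T15:03:55Z",
                                     "notBefore": "2022-01-20T15:03:55Z"}],
                   "fileName": "file.pem"},
   "responseSignatureAlgorithm": "SHA-256", "ssoDebugEnabled": true},
  {"displayName": "Legacy", "oktaIdpId": "abcdefghij1234567890",
   "pemFileInfo": {"certificates": [{"notAfter": "2024-03-01T00:00:00Z",
                                     "notBefore": "2021-03-01T00:00:00Z"}],
                   "fileName": "legacy.pem"},
   "responseSignatureAlgorithm": "SHA-1", "ssoDebugEnabled": false}],
 "totalCount": 2}
""")

def parse_ts(value):
    # Certificate dates in the response look like 2035-09-29T15:03:55Z (UTC).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_idps(page, now, warn_days=30):
    """Return sorted (displayName, finding) pairs for one response page."""
    findings = []
    for idp in page.get("results", []):
        name = idp.get("displayName", "<unnamed>")
        if idp.get("responseSignatureAlgorithm") == "SHA-1":
            findings.append((name, "SHA-1 response signature"))
        if idp.get("ssoDebugEnabled"):
            findings.append((name, "SSO debugging enabled"))
        pem = idp.get("pemFileInfo") or {}  # absent on OIDC entries
        for cert in pem.get("certificates", []):
            not_after = parse_ts(cert["notAfter"])
            if not_after <= now:
                findings.append((name, "certificate expired"))
            elif not_after - now <= timedelta(days=warn_days):
                findings.append((name, "certificate expires soon"))
    return sorted(findings)

def pages_needed(total_count, items_per_page=100):
    # totalCount can exceed len(results); this is the pageNum range to fetch.
    return max(1, -(-total_count // items_per_page))

if __name__ == "__main__":
    for name, finding in audit_idps(SAMPLE_PAGE, datetime.now(timezone.utc)):
        print(f"{name}: {finding}")
```

Because the endpoint returns only SAML IdPs unless protocol=OIDC is given, a complete inventory needs a second request for OIDC. The OIDC entries in the example above carry none of the fields checked here.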
