Skip to main content
API Explorer|API Explorer
Infrastructure/Federation & SSO
POSTFederationSince 1.0SynchronousAuth Required

CreateSSOConfig

SSO Config CRUD Create a new global SSO configuration.

Execution Availability

Try It Out

Submit a mock request using the current auth context and example-driven inputs.

Request Inputs

Body Fields

  • tenantUuidStringRequired

    Deprecated and ignored. SSO configurations are global.

    Example: deprecated-tenant-uuid

  • displayNameStringRequired

    Human-readable display name for the new SSO configuration.

    Example: Corporate SSO

  • providerTypeStringRequired

    Identity provider type for the new SSO configuration: OIDC, SAML, or LDAP.

    Example: OIDC

  • protocolStringRequired

    Authentication protocol used by this SSO configuration.

    Example: oidc

  • oidcConfigObjectRequired

    Oidc config

    • clientIdString

      OAuth 2.0 client identifier issued by the OIDC provider.

      Example: my-client-id

    • clientSecretString

      OAuth 2.0 client secret issued by the OIDC provider.

      Example: s3cr3t

    • wellKnownUrlString

      URL of the OIDC provider well-known discovery document.

      Example: https://idp.example.com/.well-known/openid-configuration

    • redirectUriString

      Redirect URI registered with the OIDC provider for the callback.

      Example: https://zcf.example.com/sso/callback

    • scopeString

      Space-separated OAuth 2.0 scopes requested during authentication.

      Example: openid profile email

    • configNameString

      Human-readable name identifying this OIDC configuration.

      Example: Corporate OIDC

Responses

200 OK

On success, this API returns the following response structure.

  • uuidString

    Unique identifier of the SSO configuration.

    Example: sso-cfg-001

  • tenantUuidString

    Deprecated and ignored. SSO configurations are global.

    Example: deprecated-tenant-uuid

  • issuerString

    Issuer URL that uniquely identifies this SSO configuration.

    Example: https://idp.example.com

  • displayNameString

    Human-readable display name for this SSO configuration.

    Example: Corporate SSO

  • providerTypeString

    Type of identity provider, e.g. OIDC, SAML, or LDAP.

    Example: OIDC

  • protocolString

    Authentication protocol used by this SSO configuration.

    Example: oidc

  • oidcConfigObject

    Oidc config

    • clientIdString

      OAuth 2.0 client identifier issued by the OIDC provider.

      Example: my-client-id

    • clientSecretString

      OAuth 2.0 client secret issued by the OIDC provider.

      Example: s3cr3t

    • wellKnownUrlString

      URL of the OIDC provider well-known discovery document.

      Example: https://idp.example.com/.well-known/openid-configuration

    • redirectUriString

      Redirect URI registered with the OIDC provider for the callback.

      Example: https://zcf.example.com/sso/callback

    • scopeString

      Space-separated OAuth 2.0 scopes requested during authentication.

      Example: openid profile email

    • configNameString

      Human-readable name identifying this OIDC configuration.

      Example: Corporate OIDC

  • samlConfigObject

    SAML config

    • idpEntityIdString

      Entity ID of the SAML Identity Provider.

      Example: https://idp.example.com/saml/metadata

    • idpSsoUrlString

      Single Sign-On service URL of the Identity Provider.

      Example: https://idp.example.com/saml/sso

    • idpSloUrlString

      Single Logout service URL of the Identity Provider.

      Example: https://idp.example.com/saml/slo

    • idpCertificateString

      PEM-encoded X.509 certificate of the Identity Provider.

      Example: -----BEGIN CERTIFICATE----- ...

    • idpMetadataUrlString

      URL to fetch the Identity Provider metadata XML document.

      Example: https://idp.example.com/saml/metadata.xml

    • spEntityIdString

      Entity ID of the SAML Service Provider (this application).

      Example: https://zcf.example.com/saml/sp

    • nameIdFormatString

      NameID format used to identify the subject in SAML assertions.

      Example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

    • signRequestsBoolean

      Whether to cryptographically sign outgoing SAML AuthnRequests.

      Example: true

    • forceAuthnBoolean

      Whether to force re-authentication even if a valid IDP session exists.

      Example: false

    • spCertificatePemString

      PEM-encoded X.509 certificate used by the Service Provider for request signing.

      Example: -----BEGIN CERTIFICATE----- ...

  • ldapConfigObject

    LDAP config

    • serverAddressString

      Hostname or IP address of the LDAP server.

      Example: ldap.example.com

    • portInteger

      TCP port on which the LDAP server is listening.

      Example: 389

    • baseDnString

      Base Distinguished Name used as the root for LDAP searches.

      Example: dc=example,dc=com

    • bindDnString

      Distinguished Name of the service account used to bind to LDAP.

      Example: cn=admin,dc=example,dc=com

    • bindPasswordString

      Password for the LDAP bind account.

      Example: bindP@ssw0rd

    • userSearchBaseString

      Base DN under which user entries are searched.

      Example: ou=users,dc=example,dc=com

    • userSearchFilterString

      LDAP search filter expression used to locate user entries.

      Example: (uid=%s)

    • useSslBoolean

      Whether to use SSL/TLS when connecting to the LDAP server.

      Example: true

  • userProvisioningString

    User provisioning strategy applied when a user logs in for the first time.

    Example: auto

  • groupProvisioningString

    Group provisioning strategy for synchronizing IDP groups to ZCF.

    Example: sync

  • attributeMappingsLinkedHashMap

    Attribute mapping rules between identity provider and local fields

    Example: (nested object)

  • groupMappingsList

    Group mappings

    Example: (nested array)

    • idpGroupString

      Name of the group as defined in the Identity Provider.

      Example: idp-admins

    • zcfRoleString

      ZCF role that members of the IDP group are assigned.

      Example: admin

  • sourceString

    Source system that created or manages this SSO configuration.

    Example: manual

  • statusString

    Current lifecycle status of this SSO configuration.

    Example: active

  • enabledBoolean

    Whether this SSO configuration is enabled and accepting logins.

    Example: true

  • lastTestAtString

    Last test at

    Example: 2026-01-15T08:00:00Z

  • lastTestResultString

    Result of the most recent connectivity test for this configuration.

    Example: success

  • createdAtString

    Created at

    Example: 2026-01-15T08:00:00Z

  • updatedAtString

    Updated at

    Example: 2026-01-15T08:00:00Z

Endpoint

POST/api/v1/sso/configurations

/api/v1/sso/configurations

Operation ID

CreateSSOConfig

Permalink

Request Example

curl -X POST '{host}/api/v1/sso/configurations' -H 'Authorization: Bearer {token}' -H 'Content-Type: application/json' -d '{"tenantUuid":"deprecated-tenant-uuid","displayName":"Corporate SSO","providerType":"OIDC","protocol":"oidc","oidcConfig":{"clientId":"my-client-id","clientSecret":"s3cr3t","wellKnownUrl":"https://idp.example.com/.well-known/openid-configuration","redirectUri":"https://zcf.example.com/sso/callback","scope":"openid profile email","configName":"Corporate OIDC"},"samlConfig":{"idpEntityId":"https://idp.example.com/saml/metadata","idpSsoUrl":"https://idp.example.com/saml/sso","idpSloUrl":"https://idp.example.com/saml/slo","idpCertificate":"-----BEGIN CERTIFICATE-----\n...","idpMetadataUrl":"https://idp.example.com/saml/metadata.xml","spEntityId":"https://zcf.example.com/saml/sp","nameIdFormat":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress","signRequests":true,"forceAuthn":false,"spCertificatePem":"-----BEGIN CERTIFICATE-----\n..."},"ldapConfig":{"serverAddress":"ldap.example.com","port":389,"baseDn":"dc=example,dc=com","bindDn":"cn=admin,dc=example,dc=com","bindPassword":"bindP@ssw0rd","userSearchBase":"ou=users,dc=example,dc=com","userSearchFilter":"(uid=%s)","useSsl":true},"userProvisioning":"auto","groupProvisioning":"sync","attributeMappings":"(nested object)","groupMappings":"(nested array)"}'

Response Example

200
{
  "uuid": "sso-cfg-001",
  "issuer": "https://idp.example.com",
  "displayName": "Corporate SSO",
  "providerType": "OIDC",
  "protocol": "oidc",
  "oidcConfig": {},
  "samlConfig": {}
}

Change History

This API has no change history records yet.

View all change history