GetSSOConfig

On success, this API returns the following response structure.

• uuidString

  Unique identifier of the SSO configuration.

  Example: sso-cfg-001

• tenantUuidString

  Deprecated and ignored. SSO configurations are global.

  Example: deprecated-tenant-uuid

• issuerString

  Issuer URL that uniquely identifies this SSO configuration.

  Example: https://idp.example.com

• displayNameString

  Human-readable display name for this SSO configuration.

  Example: Corporate SSO

• providerTypeString

  Type of identity provider, e.g. OIDC, SAML, or LDAP.

  Example: OIDC

• protocolString

  Authentication protocol used by this SSO configuration.

  Example: oidc

• oidcConfigObject

  Oidc config

  Show child properties

  • clientIdString

    OAuth 2.0 client identifier issued by the OIDC provider.

    Example: my-client-id

  • clientSecretString

    OAuth 2.0 client secret issued by the OIDC provider.

    Example: s3cr3t

  • wellKnownUrlString

    URL of the OIDC provider well-known discovery document.

    Example: https://idp.example.com/.well-known/openid-configuration

  • redirectUriString

    Redirect URI registered with the OIDC provider for the callback.

    Example: https://zcf.example.com/sso/callback

  • scopeString

    Space-separated OAuth 2.0 scopes requested during authentication.

    Example: openid profile email

  • configNameString

    Human-readable name identifying this OIDC configuration.

    Example: Corporate OIDC

• samlConfigObject

  SAML config

  Show child properties

  • idpEntityIdString

    Entity ID of the SAML Identity Provider.

    Example: https://idp.example.com/saml/metadata

  • idpSsoUrlString

    Single Sign-On service URL of the Identity Provider.

    Example: https://idp.example.com/saml/sso

  • idpSloUrlString

    Single Logout service URL of the Identity Provider.

    Example: https://idp.example.com/saml/slo

  • idpCertificateString

    PEM-encoded X.509 certificate of the Identity Provider.

    Example: -----BEGIN CERTIFICATE----- ...

  • idpMetadataUrlString

    URL to fetch the Identity Provider metadata XML document.

    Example: https://idp.example.com/saml/metadata.xml

  • spEntityIdString

    Entity ID of the SAML Service Provider (this application).

    Example: https://zcf.example.com/saml/sp

  • nameIdFormatString

    NameID format used to identify the subject in SAML assertions.

    Example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

  • signRequestsBoolean

    Whether to cryptographically sign outgoing SAML AuthnRequests.

    Example: true

  • forceAuthnBoolean

    Whether to force re-authentication even if a valid IDP session exists.

    Example: false

  • spCertificatePemString

    PEM-encoded X.509 certificate used by the Service Provider for request signing.

    Example: -----BEGIN CERTIFICATE----- ...

• ldapConfigObject

  LDAP config

  Show child properties

  • serverAddressString

    Hostname or IP address of the LDAP server.

    Example: ldap.example.com

  • portInteger

    TCP port on which the LDAP server is listening.

    Example: 389

  • baseDnString

    Base Distinguished Name used as the root for LDAP searches.

    Example: dc=example,dc=com

  • bindDnString

    Distinguished Name of the service account used to bind to LDAP.

    Example: cn=admin,dc=example,dc=com

  • bindPasswordString

    Password for the LDAP bind account.

    Example: bindP@ssw0rd

  • userSearchBaseString

    Base DN under which user entries are searched.

    Example: ou=users,dc=example,dc=com

  • userSearchFilterString

    LDAP search filter expression used to locate user entries.

    Example: (uid=%s)

  • useSslBoolean

    Whether to use SSL/TLS when connecting to the LDAP server.

    Example: true

• userProvisioningString

  User provisioning strategy applied when a user logs in for the first time.

  Example: auto

• groupProvisioningString

  Group provisioning strategy for synchronizing IDP groups to ZCF.

  Example: sync

• attributeMappingsLinkedHashMap

  Attribute mapping rules between identity provider and local fields

  Example: (nested object)

• groupMappingsList

  Group mappings

  Example: (nested array)

  Show child properties

  • idpGroupString

    Name of the group as defined in the Identity Provider.

    Example: idp-admins

  • zcfRoleString

    ZCF role that members of the IDP group are assigned.

    Example: admin

• sourceString

  Source system that created or manages this SSO configuration.

  Example: manual

• statusString

  Current lifecycle status of this SSO configuration.

  Example: active

• enabledBoolean

  Whether this SSO configuration is enabled and accepting logins.

  Example: true

• lastTestAtString

  Last test at

  Example: 2026-01-15T08:00:00Z

• lastTestResultString

  Result of the most recent connectivity test for this configuration.

  Example: success

• createdAtString

  Created at

  Example: 2026-01-15T08:00:00Z

• updatedAtString

  Updated at

  Example: 2026-01-15T08:00:00Z