ListSSOConfigs

On success, this API returns the following response structure.

• itemsList

  Collection of result items

  Example: (nested array)

  Show child properties

  • uuidString

    Unique identifier of the SSO configuration.

    Example: sso-cfg-001

  • tenantUuidString

    Deprecated and ignored. SSO configurations are global.

    Example: deprecated-tenant-uuid

  • issuerString

    Issuer URL that uniquely identifies this SSO configuration.

    Example: https://idp.example.com

  • displayNameString

    Human-readable display name for this SSO configuration.

    Example: Corporate SSO

  • providerTypeString

    Type of identity provider, e.g. OIDC, SAML, or LDAP.

    Example: OIDC

  • protocolString

    Authentication protocol used by this SSO configuration.

    Example: oidc

  • oidcConfigObject

    Oidc config

    Show child properties

    • clientIdString

      OAuth 2.0 client identifier issued by the OIDC provider.

      Example: my-client-id

    • clientSecretString

      OAuth 2.0 client secret issued by the OIDC provider.

      Example: s3cr3t

    • wellKnownUrlString

      URL of the OIDC provider well-known discovery document.

      Example: https://idp.example.com/.well-known/openid-configuration

    • redirectUriString

      Redirect URI registered with the OIDC provider for the callback.

      Example: https://zcf.example.com/sso/callback

    • scopeString

      Space-separated OAuth 2.0 scopes requested during authentication.

      Example: openid profile email

    • configNameString

      Human-readable name identifying this OIDC configuration.

      Example: Corporate OIDC

  • samlConfigObject

    SAML config

    Show child properties

    • idpEntityIdString

      Entity ID of the SAML Identity Provider.

      Example: https://idp.example.com/saml/metadata

    • idpSsoUrlString

      Single Sign-On service URL of the Identity Provider.

      Example: https://idp.example.com/saml/sso

    • idpSloUrlString

      Single Logout service URL of the Identity Provider.

      Example: https://idp.example.com/saml/slo

    • idpCertificateString

      PEM-encoded X.509 certificate of the Identity Provider.

      Example: -----BEGIN CERTIFICATE----- ...

    • idpMetadataUrlString

      URL to fetch the Identity Provider metadata XML document.

      Example: https://idp.example.com/saml/metadata.xml

    • spEntityIdString

      Entity ID of the SAML Service Provider (this application).

      Example: https://zcf.example.com/saml/sp

    • nameIdFormatString

      NameID format used to identify the subject in SAML assertions.

      Example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

    • signRequestsBoolean

      Whether to cryptographically sign outgoing SAML AuthnRequests.

      Example: true

    • forceAuthnBoolean

      Whether to force re-authentication even if a valid IDP session exists.

      Example: false

    • spCertificatePemString

      PEM-encoded X.509 certificate used by the Service Provider for request signing.

      Example: -----BEGIN CERTIFICATE----- ...

  • ldapConfigObject

    LDAP config

    Show child properties

    • serverAddressString

      Hostname or IP address of the LDAP server.

      Example: ldap.example.com

    • portInteger

      TCP port on which the LDAP server is listening.

      Example: 389

    • baseDnString

      Base Distinguished Name used as the root for LDAP searches.

      Example: dc=example,dc=com

    • bindDnString

      Distinguished Name of the service account used to bind to LDAP.

      Example: cn=admin,dc=example,dc=com

    • bindPasswordString

      Password for the LDAP bind account.

      Example: bindP@ssw0rd

    • userSearchBaseString

      Base DN under which user entries are searched.

      Example: ou=users,dc=example,dc=com

    • userSearchFilterString

      LDAP search filter expression used to locate user entries.

      Example: (uid=%s)

    • useSslBoolean

      Whether to use SSL/TLS when connecting to the LDAP server.

      Example: true

  • userProvisioningString

    User provisioning strategy applied when a user logs in for the first time.

    Example: auto

  • groupProvisioningString

    Group provisioning strategy for synchronizing IDP groups to ZCF.

    Example: sync

  • attributeMappingsLinkedHashMap

    Attribute mapping rules between identity provider and local fields

    Example: (nested object)

  • groupMappingsList

    Group mappings

    Example: (nested array)

    Show child properties

    • idpGroupString

      Name of the group as defined in the Identity Provider.

      Example: idp-admins

    • zcfRoleString

      ZCF role that members of the IDP group are assigned.

      Example: admin

  • sourceString

    Source system that created or manages this SSO configuration.

    Example: manual

  • statusString

    Current lifecycle status of this SSO configuration.

    Example: active

  • enabledBoolean

    Whether this SSO configuration is enabled and accepting logins.

    Example: true

  • lastTestAtString

    Last test at

    Example: 2026-01-15T08:00:00Z

  • lastTestResultString

    Result of the most recent connectivity test for this configuration.

    Example: success

  • createdAtString

    Created at

    Example: 2026-01-15T08:00:00Z

  • updatedAtString

    Updated at

    Example: 2026-01-15T08:00:00Z

• totalInteger

  Total number of SSO configurations matching the query.

  Example: 5

• limitInteger

  Maximum number of items returned in this page.

  Example: 20

• offsetInteger

  Zero-based offset of the first item in this page.

  Example: 20