POST /oauth/login/ssoLogin
Allows a user to log in for OAuth authorization purposes by authenticating with an identity provider that has its own login screen, provided SSO is enabled for the OAuth Provider and the identity provider it's using. Examples: Facebook, Google. Sets the OAuthToken_{OAuthProviderName} cookie and redirects the user. Also used for LDAP users. Uses HTTP POST.
In the payload, the domain name is required. Other parameters will be required depending on the domain. For example:
- For a SAML Web SSO domain, the SAML assertion will be in the payload.
- For an LDAP domain, the LDAP username and password will be in the payload.
- For a CA SiteMinder domain configured with username/password, those are the required values; for a CA SiteMinder domain that uses the SMSESSION cookie, there is no content in the payload other than the domain, but the information is sent in the cookie.
- For an OpenID Connect Relying Party domain, the ID token will be in the payload.
For information on why you might choose GET or POST, see OAuth Operations: GET or POST?
Note: If the LDAP domain name includes special characters, such as %, &, or #, remember to encode them in the Domain input parameter. For example, for a domain name of OpenID%Connector, you'd need to encode the % as %25 in the URL, like this: http://{oauth-provider-hostname}/oauth/login/ssoLogin?Domain=OpenID%25Connector.
Authorization Roles/Permissions: Anyone can run this operation.
HTTP Method
POST
URL
https://{oauth-provider-url}/oauth/login/ssoLogin
Sample Request
The example below shows an SSO login request.
Sample Request URL
https://{oauth-provider-url}/oauth/login/ssoLogin
Sample request headers
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Sample request body #1
The request body is any SSO token, if available, that the identity provider domain can use. Also, optionally, the Domain parameter:
Domain=[domain-name]
Sample request body #2: LDAP user login (resource owner)
When the resource owner is logging in, the Domain parameter is not needed. The platform uses the resource owner authentication domain specified for the OAuth Provider.
identity_username=ldapuser01&secret_password=MyPassword123
Request Headers
For general information on request header values, refer to HTTP Request Headers.
Header | Description |
---|---|
Accept | application/json |
Content-Type | application/x-www-form-urlencoded |
Request Parameters
Request parameters are determined by the authentication domain. For more information, see Managing SSO Login for OAuth on the Platform.
Parameter | Parm Type | Data Type | Required | Description |
---|---|---|---|---|
Domain | Path | string | Optional | Optional domain name parameter. If this parameter is missing, the platform uses the resource owner authentication domain. |
identity_xxxx | Path | string | | All parameters that start with identity_ are used as identity parameters. For LDAP and OpenID Connect Relying Party domains, use identity_username. |
secret_xxxx | Path | string | | All parameters that start with secret_ are used as secret parameters. For LDAP and OpenID Connect Relying Party domains, use secret_password. |
Response
If successful, this operation returns HTTP status code 200, with a cookie that will be used for subsequent requests. For non-browser scenarios, the application must save this cookie and include it in every request. The cookie name includes the OAuth Provider name. Cookie name: OAuthToken_{OAuthProviderName}.
The response includes the UserName and DomainName of the user. Example: { "DomainName" : "Local Domain", "UserName" : "Rep1" }.
Sample Response
The sample response below shows successful completion of this operation.
Sample response headers
Set-Cookie: AtmoAuthToken_acmepaymentscorp: TokenID%3D480a3a7c-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3Durn%3Aacmepaymentscorp%3Auser %3Aacmepaymentscorp%3A8fb17266-354a-4032-96fb-2208ae7b4da4%2CissueTime%3D1436207946162%2CexpirationTime%3D1436209746144%2CAttributes Included%3Dfalse%2CUserFDN%3D8fb17266-354a-4032-96fb-2208ae7b4da4%252Eacmepaymentscorp%2CUserName%3Dadminacmepaymentscorp%2Csig %3Dd5YEgxmZQaCgfp64gs0EL1ttryepO3kWTwu4gO12OxLF6sjpcrojVKUf0X8heu9eoi8WlEd9ZIN7vPNgi6pu-XZ883L-OkD9fYnN4ktbRPwHQ2Phaa1H1bXaCpfgpeI8q6u DjeqX_awH70N6-QQKrhF5n9Lm5PYCKciKNWTSWVooauthRedirectInfoCookie: %7B%22accessTokenUrl%22%3A%22%2Fapi%2Fdevconsole%2Foauth%2Faccesstoken%22 %2C%22providerEndpoint%22%3A%22%2Fapi%2Fdevconsole%2Foauth%2Faccesstoken%22%2C%22queryString%22%3A%22session_key%3Dapiv%253D090888 a5-27f8-454e-8319-c7900d1da4bc.acmepaymentscorp%2526scope%253DScope1%2526appRuntimeId%253D5tRKCWjfz599pLJ8Te4tvn1D.acmepaymentscorp %2526granttype%253Dauthorization_code%2526policy_type%253DOAuth%2525202.0%2526appsecret%253De4d5949f72473acc151b34065f69169099ebe732 %2526appid%253Dacmepaymentscorp-5tRKCWjfz599pLJ8Te4tvn1D%2526token_url%253Dhttp%253A%252F%252F{hostname}%252Foauth%252Foauth20%252Ftoken% 2526opname%253DGetDiscussions%2526policy_key%253Doauth%2526guid%253Daf880c48-1389-4da4-98e5-2fb29dcca155%2526auz_url%253Dhttp%253A %252F%252F{hostname}%252Foauth%252Fauz%252Fauthorize%2526callback%253Dhttp%253A%252F%252F{hostname}%252Fui%252Fapps%252Facmepaymentscorp %252F_VcuNfhlXb0PE8hHDxAx9OhA%252Fresources%252Fconsole%252Fglobal%252Foauthclientredirect.html%253Fdynamic%25253Dtrue %2526signature_method%253DSharedSecret%2526apienv%253DProduction%2526token_verb%253DPOST%22%7D OAuthToken_acmepaymentscorp: TokenID%3D57d30fc7-240e-11e5-a1b9-8945fbb2b0eb%2Cclaimed_id%3DLDAP_acmepaymentscorp%5Ceng100 %2CissueTime%3D1436207972636%2CexpirationTime%3D1436208572626%2Csig%3DlOsIenU6JM-dYquJKhKMdKarQRtef4ALY5Abuls7KV5jaPgWapM1w0Y 
thq0I1hJvMJ7xlWj8haU3OvM4b6I3LgGWGvw5_Uws935JKLW57xiti_UC2IvxFDrAIg4xx2k-x-icqUDsWfVGNfjWlun43_uRM667RjGOkh_ZmU2xq0Q
Sample response body
Not applicable.
Response Headers
For general information on response header values, refer to HTTP Response Headers.
Header | Description |
---|---|
Set-Cookie | The OAuthToken_{OAuthProviderName} cookie. |
Response Body
Not applicable.
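The Python below is an added example, not code from the platform or its documentation. It form-encodes the ssoLogin payload so that special characters in Domain and in the credentials are percent-encoded, and it splits an OAuthToken_{OAuthProviderName} cookie value into its fields so a non-browser client can tell when the saved cookie expires. The comma-separated key=value layout and the epoch-millisecond timestamps are assumptions read off the sample response headers in this topic; the function names and the shortened cookie value are constructed for illustration.

```python
from urllib.parse import urlencode, unquote

def build_sso_login_body(username, password, domain=None):
    """Form-encode the ssoLogin payload (application/x-www-form-urlencoded)."""
    fields = {}
    if domain is not None:  # omitted for resource-owner login
        fields["Domain"] = domain
    fields["identity_username"] = username
    fields["secret_password"] = password
    # urlencode percent-encodes %, & and # so they cannot split or truncate a parameter
    return urlencode(fields)

def parse_token_cookie(raw_value):
    """Decode one level of URL encoding and split into key=value fields.
    Assumed layout, inferred from the page's sample: k1=v1,k2=v2,..."""
    fields = {}
    for part in unquote(raw_value).split(","):
        key, sep, value = part.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed cookie field: {part!r}")
        fields[key] = value
    return fields

def seconds_until_expiry(fields, now_ms):
    """Remaining lifetime in seconds; <= 0 means the client must log in again.
    Assumes expirationTime is epoch milliseconds, as the sample values suggest."""
    return (int(fields["expirationTime"]) - now_ms) / 1000.0

# Constructed cookie value: field values copied from the page's sample,
# signature replaced by a placeholder.
SAMPLE_COOKIE = (
    "TokenID%3D57d30fc7-240e-11e5-a1b9-8945fbb2b0eb"
    "%2Cclaimed_id%3DLDAP_acmepaymentscorp%5Ceng100"
    "%2CissueTime%3D1436207972636%2CexpirationTime%3D1436208572626"
    "%2Csig%3DPLACEHOLDER_SIGNATURE"
)

if __name__ == "__main__":
    body = build_sso_login_body("ldapuser01", "MyPassword123", "OpenID%Connector")
    print(body.split("&")[0])  # show only the Domain pair, not the credentials
    token = parse_token_cookie(SAMPLE_COOKIE)
    print(token["claimed_id"], seconds_until_expiry(token, int(token["issueTime"])))
```

With the sample values, the cookie is valid for just under ten minutes after issue, so a long-running client should check the remaining lifetime before reusing a stored cookie.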
Error Codes/Messages
If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.
Item | Value |
---|---|
500 | An error occurred processing the call. |
More information about Akana OAuth API error messages.