Description

The addSAMLServer operation handles configuration related to the SAMLServer model.

HTTP request

POST /api/fdm/v6/object/samlservers

Data Parameters

Parameter Required Type Description
name False string A String object containing the name of the SAML object. The string can be up to a maximum of 128 characters.
description False string Description of object; no more than 200 characters
Field level constraints: length must be between 0 and 200 (inclusive), must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
samlIssuerURL True string URL/IP address at which the SAML provider will provide metadata. Some SAML providers present this URL as "Entity ID". Length should be no less than 4 and no more than 256.
Field level constraints: cannot be null, length must be between 4 and 256 (inclusive). (Note: Additional constraints might exist)
signInURL True string URL/IP address at which the SAML provider will accept incoming requests to authenticate a user. Length should be no less than 4 and no more than 500.
Field level constraints: cannot be null, length must be between 4 and 500 (inclusive). (Note: Additional constraints might exist)
signOutURL True string (Optional) URL/IP address at which the SAML provider will accept incoming requests to log out. Length should be no less than 4 and no more than 500.
Field level constraints: length must be between 4 and 500 (inclusive). (Note: Additional constraints might exist)
samlIssuerCert True object Trusted CA certificate provided by SAML provider.
Field level constraints: cannot be null. (Note: Additional constraints might exist)
Allowed types are: [ExternalCACertificate]
ftdCert False object (Optional) Trusted CA certificate provided to the SAML provider.
Allowed types are: [InternalCertificate]
requestTimeout False integer (Optional) If specified, this configuration overrides NotOnOrAfter if the sum of NotBefore and timeout-in-seconds is earlier than NotOnOrAfter. Minimum value is 1, maximum value is 7200. If set to null, NotBefore and NotOnOrAfter in the assertion are used to determine the validity.
Field level constraints: must be between 1 and 7200 (inclusive). (Note: Additional constraints might exist)
serverOnInternalNetwork False boolean (Optional) Flag indicating the SAML provider is on an inside network. If set to true, the sensor works in gateway mode. Default value is false.
reAuthAtLogin False boolean Require users to re-authenticate when logging into the SAML Server.
signatureType False string (Optional) Type of algorithm to use when signing outgoing SAML requests. Valid values are: SHA1, SHA256, SHA384 or SHA512. Set to null to not sign.
type True string samlserver

Example

curl -X POST \
    --header "Accept: application/json" \
    --header "Authorization: Bearer ${ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    -d '{
        "description": "string",
        "ftdCert": {
            "id": "string",
            "name": "string",
            "type": "string",
            "version": "string"
        },
        "id": "string",
        "name": "string",
        "reAuthAtLogin": true,
        "requestTimeout": 300,
        "samlIssuerCert": {
            "id": "string",
            "name": "string",
            "type": "string",
            "version": "string"
        },
        "samlIssuerURL": "string",
        "serverOnInternalNetwork": true,
        "signInURL": "string",
        "signOutURL": "string",
        "signatureType": "SHA1",
        "type": "samlserver",
        "version": "string"
    }' \
    "https://${HOST}:${PORT}/api/fdm/v6/object/samlservers"

from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


def get_client(host, token):
    """Build a bravado client that sends the bearer token on every request."""
    http_client = RequestsClient()
    # ssl_verify = False turns off TLS certificate validation for every request,
    # including the ones that carry the bearer token. Set it to True once the
    # device presents a certificate that chains to a CA you trust.
    http_client.ssl_verify = False
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    # The API specification is downloaded from the device over the same client.
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def add_saml_server(client, body):
    """Create the SAMLServer object and return the parsed response."""
    return client.SAMLServer.addSAMLServer(
        body=body
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)

    body = {
        'description': 'string',
        'ftdCert': {
            'id': 'string',
            'name': 'string',
            'type': 'string',
            'version': 'string'
        },
        'name': 'string',
        'reAuthAtLogin': True,
        # Sample value; must be between 1 and 7200 (inclusive), or null.
        'requestTimeout': 300,
        'samlIssuerCert': {
            'id': 'string',
            'name': 'string',
            'type': 'string',
            'version': 'string'
        },
        'samlIssuerURL': 'string',
        'serverOnInternalNetwork': True,
        'signInURL': 'string',
        'signOutURL': 'string',
        # SHA1, SHA256, SHA384 or SHA512; null leaves outgoing requests unsigned.
        'signatureType': 'SHA1',
        'type': 'samlserver'
    }

    add_saml_server(client, body)
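
A pre-flight check of a request body against the field-level constraints listed under Data Parameters, as an added example that is not part of the original page or of the API's own tooling. The names `check_saml_server` and `SAMPLE` are hypothetical; the check assumes only fields marked "cannot be null" (plus `type`) are mandatory and that a certificate reference's `type` is the lower-cased model name, and the warnings for a null or SHA1 `signatureType` are an added hardening check, not an API rule.

```python
import re

# Limits transcribed from the Data Parameters table on this page.
LENGTHS = {"name": (0, 128), "description": (0, 200), "samlIssuerURL": (4, 256),
           "signInURL": (4, 500), "signOutURL": (4, 500)}
NOT_NULL = ("samlIssuerURL", "signInURL", "samlIssuerCert")
CERT_TYPES = {"samlIssuerCert": "ExternalCACertificate", "ftdCert": "InternalCertificate"}
SIGNATURE_TYPES = ("SHA1", "SHA256", "SHA384", "SHA512")
DESCRIPTION_PATTERN = re.compile(r"^((?!;).)*$")


def check_saml_server(body):
    """Return (errors, warnings) for an addSAMLServer request body."""
    errors, warnings = [], []
    if body.get("type") != "samlserver":
        errors.append("type: must be 'samlserver'")
    for field in NOT_NULL:
        if body.get(field) is None:
            errors.append(f"{field}: cannot be null")
    for field, (low, high) in LENGTHS.items():
        value = body.get(field)
        if value is not None and not (isinstance(value, str) and low <= len(value) <= high):
            errors.append(f"{field}: length must be between {low} and {high}")
    description = body.get("description")
    if isinstance(description, str) and not DESCRIPTION_PATTERN.match(description):
        errors.append("description: must match pattern ^((?!;).)*$")
    for field, model in CERT_TYPES.items():
        cert = body.get(field)
        # Assumption: the reference's "type" is the lower-cased model name.
        if cert is not None and str(cert.get("type", "")).lower() != model.lower():
            errors.append(f"{field}: type must be {model}")
    timeout = body.get("requestTimeout")
    if timeout is not None and not (type(timeout) is int and 1 <= timeout <= 7200):
        errors.append("requestTimeout: must be between 1 and 7200")
    signature = body.get("signatureType")
    if signature is None:
        warnings.append("signatureType: null, outgoing SAML requests are unsigned")
    elif signature not in SIGNATURE_TYPES:
        errors.append("signatureType: must be SHA1, SHA256, SHA384 or SHA512")
    elif signature == "SHA1":
        warnings.append("signatureType: SHA1 is weak, prefer SHA256 or stronger")
    return errors, warnings


# Constructed sample: requestTimeout and both certificate types are invalid.
SAMPLE = {"type": "samlserver", "name": "string", "description": "string",
          "samlIssuerURL": "string", "signInURL": "string", "signOutURL": "string",
          "samlIssuerCert": {"type": "string"}, "ftdCert": {"type": "string"},
          "requestTimeout": 0, "signatureType": "SHA1"}
```

Run `check_saml_server(body)` before `add_saml_server(client, body)` and refuse to send when the first list is non-empty.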