ExternalIdP REST

Description

This object contains the configuration parameters for an Identity Provider (IdP), when Gigya is the Service Provider (SP).

Data Members

Field Name | Type | Description
name | string | A custom name for this provider. Used as part of the Social Network ID: the "saml-" prefix followed by this name, e.g., saml-newIdP. If the name is not provided, the entityID is used as the name.
entityID | string | The IdP's entity ID, which is also called "issuer". This field is required.
singleSignOnServiceUrl | URL | The URL for the IdP's SSO service. This field is required.
singleSignOnServiceBinding | string | The type of SSO binding. The default value is "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".
singleLogoutServiceUrl | URL | The URL for the IdP's single logout service. This field is optional.
singleLogoutServiceBinding | string | The type of SLO binding. The default value is "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".
nameIDFormat | string | The format for the nameID. The default value is "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".

attributeMap | object | A mapping of IdP attributes to Gigya Identity fields, either existing fields or custom fields.

The mapping format is as follows: { "idpAttribute" : "gigya_field" }, e.g., { "urn:oid:2.5.4.42" : "LastName", "urn:oid:2.5.4.44" : "FirstName" }.
In this example, the IdP "urn:oid:2.5.4.42" attribute is mapped to identity.LastName, and the IdP "urn:oid:2.5.4.44" attribute is mapped to identity.FirstName.

You can map IdP attributes to the following existing Gigya attributes:

    • ProviderUID
    • Country
    • City
    • Email
    • FirstName
    • LastName
    • Zip
    • Gender
    • samlData.myCustomField

We also allow mapping to a custom identity field, not only to an existing one. An attribute can be mapped to this custom identity field by mapping it to a name like samlData.myCustomField.

There is a special field that can be mapped as the ProviderUID. This allows defining an attribute different than the nameID to be used for the providerUID of the user. If configured, the attribute will have precedence over the nameID.

Note: If you map an IdP attribute to Gigya's ProviderUID, and upon login the mapped attribute cannot be retrieved from the provider's authentication response, the login will fail. You will have to either remove the mapping or change it to an appropriate available attribute of the IdP (if one exists).
 

certificate | string | The IdP X.509 certificate.
spSigningAlgorithm | string | The signing algorithm defined for the IdP. May be one of the following:

  • SHA1
  • SHA256
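
The following Python is an added example, not part of the original page and not Gigya's code: it checks an ExternalIdP object against the field descriptions above and models the documented ProviderUID precedence rule. The function names, the sample configuration, and the https and SHA256-preference checks are assumptions added here.

```python
# Added example, not Gigya code: helper names and SAMPLE are constructed.
from urllib.parse import urlparse

TARGETS = {"ProviderUID", "Country", "City", "Email",
           "FirstName", "LastName", "Zip", "Gender"}
ALGORITHMS = {"SHA1", "SHA256"}


def validate_external_idp(cfg):
    """Return a list of problems found in an ExternalIdP object (dict)."""
    issues = []
    for field in ("entityID", "singleSignOnServiceUrl"):
        if not cfg.get(field):
            issues.append(f"{field} is required")
    for field in ("singleSignOnServiceUrl", "singleLogoutServiceUrl"):
        url = cfg.get(field)
        if url and urlparse(url).scheme != "https":
            issues.append(f"{field} should use https")  # added hardening check
    for attr, target in cfg.get("attributeMap", {}).items():
        if target not in TARGETS and not target.startswith("samlData."):
            issues.append(f"{attr!r} maps to unknown field {target!r}")
    alg = cfg.get("spSigningAlgorithm")
    if alg is not None and alg not in ALGORITHMS:
        issues.append(f"spSigningAlgorithm {alg!r} is not SHA1 or SHA256")
    elif alg == "SHA1":  # added preference: SHA-1 is deprecated for signatures
        issues.append("spSigningAlgorithm SHA1 is allowed but SHA256 is preferred")
    return issues


def resolve_provider_uid(cfg, name_id, attributes):
    """Model the documented rule: a ProviderUID mapping overrides the nameID,
    and login fails when the mapped attribute is absent from the response."""
    mapped = [a for a, t in cfg.get("attributeMap", {}).items() if t == "ProviderUID"]
    if not mapped:
        return name_id
    if mapped[0] not in attributes:
        raise LookupError(f"login fails: attribute {mapped[0]!r} not in response")
    return attributes[mapped[0]]


SAMPLE = {  # constructed sample, not a real IdP
    "name": "newIdP",
    "entityID": "https://idp.example.com/metadata",
    "singleSignOnServiceUrl": "https://idp.example.com/sso",
    "attributeMap": {"employeeNumber": "ProviderUID", "mail": "Email",
                     "dept": "samlData.department"},
    "spSigningAlgorithm": "SHA256",
}
```

Running the resolver against a captured test assertion before enabling a ProviderUID mapping shows whether the IdP actually releases that attribute, which is the failure case the note above describes.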