SamlSsoConfig

Represents a SAML Single Sign-On configuration. This object is available in API version 32.0 and later.

Single sign-on is a process that allows network users to access all authorized network resources without having to log in separately to each resource. Single sign-on allows you to validate usernames and passwords against your corporate user database or other client application rather than having separate user passwords managed by Salesforce.

Supported Calls

  • describeSObjects()
  • query()
  • retrieve()

Fields

AttributeFormat
  Type: string
  Properties: Filter, Group, Nillable, Sort
  Description: For SAML 2.0 only and when identityLocation is set to Attribute. Possible values include unspecified, emailAddress or persistent. All legal values can be found in the “Name Identifier Format Identifiers” section of the Assertions and Protocols SAML 2.0 specification.

AttributeName
  Type: string
  Properties: Filter, Group, Nillable, Sort
  Description: The name of the identity provider’s application. Get this name value from your identity provider.

Audience
  Type: string
  Properties: Filter, Group, Sort
  Description: The Issuer, also called the “Entity ID.” The value is a URL that uniquely identifies the SAML identity provider.

DeveloperName
  Type: string
  Properties: Filter, Group, Sort
  Description: The unique name of the object in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. In managed packages, this field prevents naming conflicts on package installations. With this field, a developer can change the object’s name in a managed package, and the changes are reflected in a subscriber’s organization.

ErrorUrl
  Type: string
  Properties: Filter, Nillable, Sort
  Description: The URL of the page users should be directed to if there’s an error during SAML login. It must be a publicly accessible page, such as a public site Visualforce page. The URL can be absolute or relative.

ExecutionUserID
  Type: reference
  Properties: Filter, Group, Nillable, Sort
  Description: The user that runs the Apex handler class. The user must have the “Manage Users” permission. A user is required if you specify a SAML JIT handler class.

IdentityLocation
  Type: picklist
  Properties: Filter, Group, Restricted picklist, Sort
  Description: The location in the assertion where a user is identified. Valid values are:
    • SubjectNameId—The identity is in the <Subject> statement of the assertion.
    • Attribute—The identity is specified in an <AttributeValue>, located in the <Attribute> of the assertion.

IdentityMapping
  Type: picklist
  Properties: Filter, Group, Restricted picklist, Sort
  Description: The identifier that the service provider uses for the user during Just-in-Time user provisioning. Valid values are:
    • Username—The user’s Salesforce username.
    • FederationId—The federation ID from the user object; the identifier that’s used by the service provider for the user.
    • UserId—The user ID from the user’s Salesforce organization.

Issuer
  Type: string
  Properties: Filter, idLookup, Group, Sort
  Description: Also called the “Entity ID.” The value is a URL that uniquely identifies the SAML identity provider.

Language
  Type: picklist
  Properties: Filter, Group, Restricted picklist, Sort
  Description: The language for the organization.

LoginUrl
  Type: string
  Properties: Filter, Nillable, Sort
  Description: For SAML 2.0 only: The URL where Salesforce sends a SAML request to start the login sequence.

LogoutUrl
  Type: string
  Properties: Filter, Nillable, Sort
  Description: For SAML 2.0 only: The URL to direct users to when they click the Logout link. The default is http://www.salesforce.com.

MasterLabel
  Type: string
  Properties: Filter, Group, Sort
  Description: The text that’s used to identify the Visualforce page in the Setup area of Salesforce.

NamespacePrefix
  Type: string
  Properties: Filter, Group, Nillable, Sort
  Description: The namespace prefix associated with this object. Each Developer Edition organization that creates a managed package has a unique namespace prefix. Limit: 15 characters. You can refer to a component in a managed package by using the namespacePrefix__componentName notation.
  The namespace prefix can have one of the following values:
    • In Developer Edition organizations, the namespace prefix is set to the namespace prefix of the organization for all objects that support it. There is an exception if an object is in an installed managed package. In that case, the object has the namespace prefix of the installed managed package. This field’s value is the namespace prefix of the Developer Edition organization of the package developer.
    • In organizations that are not Developer Edition organizations, NamespacePrefix is only set for objects that are part of an installed managed package. There is no namespace prefix for all other objects.

OptionsSpInitBinding
  Type: boolean
  Properties: Filter
  Description: The service provider initiated request binding, either HTTP Redirect (true) or HTTP POST (false).

OptionsUserProvisioning
  Type: boolean
  Properties: Filter
  Description: If true, Just-in-Time user provisioning is enabled, which creates users on the fly the first time that they try to log in. Specify Federation ID for the identityMapping value to use this feature.

RequestSignatureMethod
  Type: picklist
  Properties: Filter, Group, Nillable, Restricted picklist, Sort
  Description: The method that’s used to sign the SAML request. Valid values are:
    • RSA-SHA1
    • RSA-SHA256

SamlJitHandlerId
  Type: reference
  Properties: Filter, Group, Nillable, Sort
  Description: The name of an existing Apex class that implements the Auth.SamlJitHandler interface.

SingleLogoutBinding
  Type: string
  Properties: Filter, Sort, Nillable
  Description: Determines where to put the LogoutRequest or LogoutResponse in the SAML request during single logout (SLO). The value is base64 encoded. Valid values are:
    • RedirectBinding—Sent in the querystring, deflated.
    • PostBinding—Sent in the POST body, not deflated.

SingleLogoutUrl
  Type: string
  Properties: Filter, Sort, Nillable
  Description: The SAML single logout endpoint. This URL is the endpoint where Salesforce sends LogoutRequests (when Salesforce initiates a logout), or LogoutResponses (when the identity provider initiates a logout).

ValidationCert
  Type: string
  Properties: Filter, Sort
  Description: The certificate that’s used to validate the request. Get this certificate value from your identity provider.

Version
  Type: picklist
  Properties: Filter, Group, Restricted picklist, Sort
  Description: The SAML version. Valid values are:
    • SAML1_1
    • SAML2_2
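The field reference above can be turned into a configuration review: query the object with the supported query() call and check the relationships the descriptions document (JIT provisioning needs IdentityMapping = FederationId, a JIT handler needs an execution user, IdentityLocation = Attribute needs an AttributeName, RSA-SHA1 is the weaker signing option). The following is an added example, not Salesforce code; it assumes the caller has already run the SOQL with any API client and passes each returned record as a dict, and the sample record is constructed.

```python
"""Audit SamlSsoConfig records returned by query() (added example, not Salesforce
code). Run SAML_SSO_CONFIG_SOQL with any API client, then pass each record dict
to audit_saml_config(). The sample record below is constructed, not real org data."""
from typing import Dict, List

# Field names are the ones documented for SamlSsoConfig (API v32.0 and later).
SAML_SSO_CONFIG_SOQL = (
    "SELECT DeveloperName, Issuer, LoginUrl, LogoutUrl, ErrorUrl, IdentityLocation, "
    "AttributeName, IdentityMapping, OptionsUserProvisioning, SamlJitHandlerId, "
    "ExecutionUserID, RequestSignatureMethod, SingleLogoutBinding, SingleLogoutUrl "
    "FROM SamlSsoConfig"
)


def audit_saml_config(rec: Dict) -> List[str]:
    """Return one finding string per misconfiguration found in a record."""
    findings: List[str] = []
    name = rec.get("DeveloperName", "<unnamed>")
    # The picklist offers RSA-SHA1 and RSA-SHA256; SHA-1 signatures are deprecated.
    if rec.get("RequestSignatureMethod") == "RSA-SHA1":
        findings.append(f"{name}: request signing uses RSA-SHA1; prefer RSA-SHA256")
    # JIT provisioning is documented to require IdentityMapping = FederationId.
    if rec.get("OptionsUserProvisioning") and rec.get("IdentityMapping") != "FederationId":
        findings.append(f"{name}: JIT provisioning on but IdentityMapping={rec.get('IdentityMapping')!r}")
    # A JIT handler class needs an execution user holding Manage Users.
    if rec.get("SamlJitHandlerId") and not rec.get("ExecutionUserID"):
        findings.append(f"{name}: SamlJitHandlerId set without ExecutionUserID")
    # IdentityLocation=Attribute only works when AttributeName names the attribute.
    if rec.get("IdentityLocation") == "Attribute" and not rec.get("AttributeName"):
        findings.append(f"{name}: IdentityLocation=Attribute but AttributeName is empty")
    # Login, logout and error endpoints should be HTTPS (LogoutUrl defaults to http://).
    for field in ("LoginUrl", "LogoutUrl", "ErrorUrl", "SingleLogoutUrl"):
        url = rec.get(field) or ""
        if url.lower().startswith("http://"):
            findings.append(f"{name}: {field} uses plain HTTP: {url}")
    return findings


# Constructed sample record; the Apex class Id is a placeholder, not a real Id.
SAMPLE_RECORD = {
    "DeveloperName": "Corp_IdP",
    "LogoutUrl": "http://www.salesforce.com",
    "IdentityLocation": "Attribute",
    "AttributeName": None,
    "IdentityMapping": "Username",
    "OptionsUserProvisioning": True,
    "SamlJitHandlerId": "01pPLACEHOLDER000",
    "ExecutionUserID": None,
    "RequestSignatureMethod": "RSA-SHA1",
    "SingleLogoutBinding": "RedirectBinding",
    "SingleLogoutUrl": None,
}
```

Running audit_saml_config(SAMPLE_RECORD) reports five findings for the constructed record; a record using RSA-SHA256, SubjectNameId and HTTPS endpoints returns an empty list.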