All Products
Search
Document Center

CloudSSO:ListExternalSAMLIdPCertificates

Last Updated:Mar 28, 2024

Queries Security Assertion Markup Language (SAML) signing certificates.

Operation description

This topic provides an example on how to query the SAML signing certificates within the directory d-00fc2p61****. The returned result shows that the directory contains one SAML signing certificate.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
cloudsso:ListExternalSAMLIdPCertificatesList
  • Directory
    acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
DirectoryIdstringYes

The ID of the directory.

d-00fc2p61****

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request.

400979BC-92EC-58B9-B47C-6913BD56A6FD
TotalCountsinteger

The total number of entries returned.

1
SAMLIdPCertificatesobject []

The SAML signing certificates.

SerialNumberstring

The serial number of the certificate.

159289587****
Issuerstring

The issuer of the certificate.

1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US
Versioninteger

The version of the certificate.

3
CertificateIdstring

The ID of the certificate.

idp-c-00dt9gnl7fmjaw9c****
PublicKeystring

The public key of the certificate. The value of this parameter is in the PEM format and is Base64-encoded.

MIIBIjANBgkqhkiG****
SignatureAlgorithmstring

The signature algorithm of the certificate.

SHA256withRSA
NotAfterstring

The time when the certificate expires.

2030-06-23T07:04:37Z
NotBeforestring

The time when the certificate was created.

2020-06-23T07:03:37Z
Subjectstring

The subject of the certificate.

1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US
X509Certificatestring

The X.509 certificate in the PEM format.

MIIDpDCCAoygAwIBAgIG****

Examples

Sample success responses

JSONformat

{
  "RequestId": "400979BC-92EC-58B9-B47C-6913BD56A6FD",
  "TotalCounts": 1,
  "SAMLIdPCertificates": [
    {
      "SerialNumber": "159289587****",
      "Issuer": "1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US",
      "Version": 3,
      "CertificateId": "idp-c-00dt9gnl7fmjaw9c****",
      "PublicKey": "MIIBIjANBgkqhkiG****",
      "SignatureAlgorithm": "SHA256withRSA",
      "NotAfter": "2030-06-23T07:04:37Z",
      "NotBefore": "2020-06-23T07:03:37Z",
      "Subject": "1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US",
      "X509Certificate": "MIIDpDCCAoygAwIBAgIG****"
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history