/** * authentik * Making authentication simple. * * The version of the OpenAPI document: 2026.2.3-rc1 * Contact: hello@goauthentik.io * * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). * https://openapi-generator.tech * Do not edit the class manually. */ import type { DigestAlgorithmEnum } from './DigestAlgorithmEnum'; import type { SignatureAlgorithmEnum } from './SignatureAlgorithmEnum'; import type { SAMLNameIDPolicyEnum } from './SAMLNameIDPolicyEnum'; import type { SAMLLogoutMethods } from './SAMLLogoutMethods'; import type { SAMLBindingsEnum } from './SAMLBindingsEnum'; /** * SAMLProvider Serializer * @export * @interface SAMLProviderRequest */ export interface SAMLProviderRequest { /** * * @type {string} * @memberof SAMLProviderRequest */ name: string; /** * Flow used for authentication when the associated application is accessed by an un-authenticated user. * @type {string} * @memberof SAMLProviderRequest */ authenticationFlow?: string | null; /** * Flow used when authorizing this provider. * @type {string} * @memberof SAMLProviderRequest */ authorizationFlow: string; /** * Flow used ending the session from a provider. * @type {string} * @memberof SAMLProviderRequest */ invalidationFlow: string; /** * * @type {Array} * @memberof SAMLProviderRequest */ propertyMappings?: Array; /** * * @type {string} * @memberof SAMLProviderRequest */ acsUrl: string; /** * Single Logout Service URL where the logout response should be sent. * @type {string} * @memberof SAMLProviderRequest */ slsUrl?: string; /** * Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added. * @type {string} * @memberof SAMLProviderRequest */ audience?: string; /** * Also known as EntityID * @type {string} * @memberof SAMLProviderRequest */ issuer?: string; /** * Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3). * @type {string} * @memberof SAMLProviderRequest */ assertionValidNotBefore?: string; /** * Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). * @type {string} * @memberof SAMLProviderRequest */ assertionValidNotOnOrAfter?: string; /** * Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3). * @type {string} * @memberof SAMLProviderRequest */ sessionValidNotOnOrAfter?: string; /** * Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered * @type {string} * @memberof SAMLProviderRequest */ nameIdMapping?: string | null; /** * Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate. * @type {string} * @memberof SAMLProviderRequest */ authnContextClassRefMapping?: string | null; /** * * @type {DigestAlgorithmEnum} * @memberof SAMLProviderRequest */ digestAlgorithm?: DigestAlgorithmEnum; /** * * @type {SignatureAlgorithmEnum} * @memberof SAMLProviderRequest */ signatureAlgorithm?: SignatureAlgorithmEnum; /** * Keypair used to sign outgoing Responses going to the Service Provider. * @type {string} * @memberof SAMLProviderRequest */ signingKp?: string | null; /** * When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. * @type {string} * @memberof SAMLProviderRequest */ verificationKp?: string | null; /** * When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key. * @type {string} * @memberof SAMLProviderRequest */ encryptionKp?: string | null; /** * * @type {boolean} * @memberof SAMLProviderRequest */ signAssertion?: boolean; /** * * @type {boolean} * @memberof SAMLProviderRequest */ signResponse?: boolean; /** * * @type {boolean} * @memberof SAMLProviderRequest */ signLogoutRequest?: boolean; /** * This determines how authentik sends the response back to the Service Provider. * @type {SAMLBindingsEnum} * @memberof SAMLProviderRequest */ spBinding?: SAMLBindingsEnum; /** * This determines how authentik sends the logout response back to the Service Provider. * @type {SAMLBindingsEnum} * @memberof SAMLProviderRequest */ slsBinding?: SAMLBindingsEnum; /** * Method to use for logout. Front-channel iframe loads all logout URLs simultaneously in hidden iframes. Front-channel native uses your active browser tab to send post requests and redirect to providers. Back-channel sends logout requests directly from the server without user interaction (requires POST SLS binding). * @type {SAMLLogoutMethods} * @memberof SAMLProviderRequest */ logoutMethod?: SAMLLogoutMethods; /** * Default relay_state value for IDP-initiated logins * @type {string} * @memberof SAMLProviderRequest */ defaultRelayState?: string; /** * * @type {SAMLNameIDPolicyEnum} * @memberof SAMLProviderRequest */ defaultNameIdPolicy?: SAMLNameIDPolicyEnum; } /** * Check if a given object implements the SAMLProviderRequest interface. */ export declare function instanceOfSAMLProviderRequest(value: object): value is SAMLProviderRequest; export declare function SAMLProviderRequestFromJSON(json: any): SAMLProviderRequest; export declare function SAMLProviderRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): SAMLProviderRequest; export declare function SAMLProviderRequestToJSON(json: any): SAMLProviderRequest; export declare function SAMLProviderRequestToJSONTyped(value?: SAMLProviderRequest | null, ignoreDiscriminator?: boolean): any; //# sourceMappingURL=SAMLProviderRequest.d.ts.map