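/*!
 * Copyright (c) 2017-present, Okta, Inc. and/or its affiliates. All rights reserved.
 * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
 *
 * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *
 * See the License for the specific language governing permissions and limitations under the License.
 */

/**
 * Okta Admin Management
 * Allows customers to easily access the Okta Management APIs
 *
 * OpenAPI spec version: 5.1.0
 * Contact: devex-public@okta.com
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
 * https://openapi-generator.tech
 * Do not edit the class manually.
 */

import { AcsEndpoint } from './../models/AcsEndpoint';
import { SamlAssertionEncryption } from './../models/SamlAssertionEncryption';
import { SamlAttributeStatement } from './../models/SamlAttributeStatement';
import { SamlSpCertificate } from './../models/SamlSpCertificate';
import { SignOnInlineHook } from './../models/SignOnInlineHook';
import { SingleLogout } from './../models/SingleLogout';
import { SloParticipate } from './../models/SloParticipate';

/**
 * SAML 2.0 sign-on attributes.
 *
 * > **Note:** Set either `destinationOverride` or `ssoAcsUrl` to configure any other SAML 2.0 attributes in this section.
 *
 * Security review note: the ACS, `recipient` and `destination` URLs (and their
 * `*Override` counterparts) decide where the assertion is delivered, and the
 * signing/digest settings decide how the SP can verify it. Treat changes to
 * these fields as security-sensitive configuration changes.
 */
export declare class SamlApplicationSettingsSignOn {
  /**
   * An array of ACS endpoints. You can configure a maximum of 100 endpoints.
   */
  'acsEndpoints'?: Array<AcsEndpoint>;
  /**
   * Determines whether the app allows you to configure multiple ACS URIs
   */
  'allowMultipleAcsEndpoints': boolean;
  /**
   * Assertion encryption settings; see `SamlAssertionEncryption` for the fields.
   */
  'assertionEncryption'?: SamlAssertionEncryption;
  /**
   * Determines whether the SAML assertion is digitally signed
   */
  'assertionSigned': boolean;
  /**
   * A list of custom attribute statements for the app's SAML assertion. See
   * [SAML 2.0 Technical Overview](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html).
   *
   * There are two types of attribute statements:
   *
   * | Type | Description |
   * | ---- | ----------- |
   * | EXPRESSION | Generic attribute statement that can be dynamic and supports [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language/) |
   * | GROUP | Group attribute statement |
   */
  'attributeStatements'?: Array<SamlAttributeStatement>;
  /**
   * The entity ID of the SP. Use the entity ID value exactly as provided by the SP.
   */
  'audience': string;
  /**
   * Audience override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
   */
  'audienceOverride'?: string;
  /**
   * Identifies the SAML authentication context class for the assertion's authentication statement
   */
  'authnContextClassRef': SamlApplicationSettingsSignOnAuthnContextClassRefEnum;
  /**
   * The list of dynamic attribute statements for the SAML assertion inherited from app metadata (apps from the OIN) during app creation.
   * There are two types of attribute statements: `EXPRESSION` and `GROUP`.
   */
  'configuredAttributeStatements'?: Array<SamlAttributeStatement>;
  /**
   * Identifies a specific application resource in an IdP-initiated SSO scenario
   */
  'defaultRelayState'?: string;
  /**
   * Identifies the location inside the SAML assertion where the SAML response should be sent
   */
  'destination': string;
  /**
   * Destination override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
   */
  'destinationOverride'?: string;
  /**
   * Determines the digest algorithm used to digitally sign the SAML assertion and response
   *
   * NOTE(review): SHA-1 is no longer considered collision-resistant; prefer
   * `SHA256` unless the SP cannot verify it.
   */
  'digestAlgorithm': SamlApplicationSettingsSignOnDigestAlgorithmEnum;
  /**
   * Set to `true` to prompt users for their credentials when a SAML request has the `ForceAuthn` attribute set to `true`
   */
  'honorForceAuthn': boolean;
  /**
   * SAML Issuer ID
   */
  'idpIssuer': string;
  /**
   * Associates the app with SAML inline hooks. See [the SAML assertion inline hook reference](https://developer.okta.com/docs/reference/saml-hook/).
   */
  'inlineHooks'?: Array<SignOnInlineHook>;
  /**
   * Single Logout participation settings; see `SloParticipate` for the fields.
   */
  'participateSlo'?: SloParticipate;
  /**
   * The location where the app may present the SAML assertion
   */
  'recipient': string;
  /**
   * Recipient override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
   */
  'recipientOverride'?: string;
  /**
   * Determines whether the SAML request is expected to be compressed
   */
  'requestCompressed': boolean;
  /**
   * Determines whether the SAML authentication response message is digitally signed by the IdP
   *
   * > **Note:** Either (or both) `responseSigned` or `assertionSigned` must be `TRUE`.
   */
  'responseSigned': boolean;
  /**
   * Determines the SAML app session lifetimes with Okta
   */
  'samlAssertionLifetimeSeconds'?: number;
  /**
   * Determines the signing algorithm used to digitally sign the SAML assertion and response
   *
   * NOTE(review): prefer `RSA_SHA256`; `RSA_SHA1` relies on SHA-1, which is no
   * longer considered collision-resistant.
   */
  'signatureAlgorithm': SamlApplicationSettingsSignOnSignatureAlgorithmEnum;
  /**
   * Single Logout settings; see `SingleLogout` for the fields.
   */
  'slo'?: SingleLogout;
  /**
   * Service Provider certificate settings; see `SamlSpCertificate` for the fields.
   */
  'spCertificate'?: SamlSpCertificate;
  /**
   * The issuer ID for the Service Provider. This property appears when SLO is enabled.
   */
  'spIssuer'?: string;
  /**
   * Single Sign-On Assertion Consumer Service (ACS) URL
   */
  'ssoAcsUrl': string;
  /**
   * Assertion Consumer Service (ACS) URL override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).
   */
  'ssoAcsUrlOverride'?: string;
  /**
   * Identifies the SAML processing rules.
   * Supported values: see `SamlApplicationSettingsSignOnSubjectNameIdFormatEnum`.
   */
  'subjectNameIdFormat': SamlApplicationSettingsSignOnSubjectNameIdFormatEnum;
  /**
   * Template for app user's username when a user is assigned to the app
   */
  'subjectNameIdTemplate': string;

  // Generated metadata members; presumably consumed by the SDK's generated
  // serializer (not visible in this file).
  static readonly discriminator: string | undefined;
  static readonly attributeTypeMap: Array<{
    name: string;
    baseName: string;
    type: string;
    format: string;
  }>;
  static getAttributeTypeMap(): {
    name: string;
    baseName: string;
    type: string;
    format: string;
  }[];
  constructor();
}

/**
 * Allowed values for `authnContextClassRef`.
 *
 * NOTE(review): the Kerberos value has no `urn:` prefix, unlike the other
 * `oasis` entries. It is kept exactly as generated; confirm against the API
 * spec before relying on it.
 */
export type SamlApplicationSettingsSignOnAuthnContextClassRefEnum =
  | 'urn:federation:authentication:windows'
  | 'oasis:names:tc:SAML:2.0:ac:classes:Kerberos'
  | 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
  | 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
  | 'urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient'
  | 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'
  | 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509';

/** Allowed values for `digestAlgorithm`. */
export type SamlApplicationSettingsSignOnDigestAlgorithmEnum = 'SHA1' | 'SHA256';

/** Allowed values for `signatureAlgorithm`. */
export type SamlApplicationSettingsSignOnSignatureAlgorithmEnum = 'RSA_SHA1' | 'RSA_SHA256';

/** Allowed values for `subjectNameIdFormat`. */
export type SamlApplicationSettingsSignOnSubjectNameIdFormatEnum =
  | 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
  | 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
  | 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
  | 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
  | 'urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName';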