POST /api/login/ssoLogin

Logs the user in to an external identity system such as Facebook, for a login domain set up on the platform.

Note: Login domains might support SSO login via POST or GET. For example, an OpenID Connect Relying Party domain might support a response mode of query, fragment, or form_post. If the domain supports form_post, POST /api/login/ssoLogin is used. If the domain supports query or fragment, GET /api/login/ssoLogin is used.

The specific processing that occurs with this operation depends on the login domain being used, as specified in the domain parameter in the request message. For example:

  • CA Siteminder domain: the operation looks for the SMSESSION cookie header.
  • SAML Web SSO domain: it looks for the SAML assertion in query or form parameters.
  • OpenID Connect Relying Party domain (includes Google and Facebook connectors in the platform): the platform references the domain setup, applying the OpenID Connect specification to see what should be used for the SSO token; for example, id_token.

With SSO login, the requirements of the request message differ depending on the domain being used and the protocol that it implements.

Authorization Roles/Permissions: Anyone can run this operation.

HTTP Method

POST

URL

https://{hostname}/api/login/ssoLogin

Sample Request

The examples below show an SSO login request for an LDAP domain. The first example sends the domain parameter in the POST content; the second sends it in the path.

Note: In processing the request, the platform looks for the domain parameter first in the POST content, and then in the path.

Request URL #1 (LDAP)

Domain parameter is not included in the path; it is sent in the POST content (see sample request body #1).

http://acmepaymentscorp.com/api/login/ssoLogin

Request URL #2 (LDAP)

Domain parameter is sent in the path, and other parameters are sent in the POST content (see sample request body #2).

http://acmepaymentscorp.com/api/login/ssoLogin/LdapAutomation1acmepaymentscorp

Sample request headers

Host: {hostname}
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: JSESSIONID_pm60=1gsjqvxu1cgnj1th05legkdfvo

Sample request body #1 (LDAP)

identity_username=MaryMartinson&secret_password=MyPassword11&domain=LdapAutomation1acmepaymentscorp

Sample request body #2 (LDAP)

identity_username=MaryMartinson&secret_password=MyPassword11
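
The lookup order in the note above (POST content first, then path) can be reproduced on the gateway or log-review side to see which domain a request resolves to and to keep the password out of request logs. This is an added example, not platform code; the function names, the conflict flag, the percent-decoding of the path segment, and the REDACTED placeholder are assumptions.

```python
from urllib.parse import parse_qsl, unquote, urlencode, urlsplit

ENDPOINT = "/api/login/ssoLogin"
SENSITIVE_FIELDS = {"secret_password"}  # credential field in the page's LDAP sample

# Sample requests copied from this page.
URL_1 = "http://acmepaymentscorp.com/api/login/ssoLogin"
URL_2 = "http://acmepaymentscorp.com/api/login/ssoLogin/LdapAutomation1acmepaymentscorp"
BODY_1 = ("identity_username=MaryMartinson&secret_password=MyPassword11"
          "&domain=LdapAutomation1acmepaymentscorp")
BODY_2 = "identity_username=MaryMartinson&secret_password=MyPassword11"


def path_domain(url):
    """Domain taken from the path segment after the endpoint, or None."""
    prefix = ENDPOINT + "/"
    path = urlsplit(url).path
    if not path.startswith(prefix):
        return None
    # Assumption: the segment is percent-decoded before it is used as an ID.
    return unquote(path[len(prefix):].strip("/")) or None


def effective_domain(url, body):
    """Apply the documented order: POST content first, then the path."""
    form = dict(parse_qsl(body, keep_blank_values=True))
    in_body, in_path = form.get("domain") or None, path_domain(url)
    source = "body" if in_body else ("path" if in_path else None)
    return {
        "domain": in_body or in_path,
        "source": source,
        # Both present but different: worth flagging, since the body value is read first.
        "conflict": bool(in_body and in_path and in_body != in_path),
    }


def redact_body(body):
    """Form body with credential fields masked, suitable for a request log."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return urlencode([(k, "REDACTED" if k in SENSITIVE_FIELDS else v) for k, v in pairs])
```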

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header | Description
Accept | application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json
Content-Type | application/x-www-form-urlencoded

Request Parameters

Parameter | Parm Type | Data Type | Required | Description
domain | Form | String | Required | Unique ID for the valid platform login domain that the user has chosen to log in on.

Response

If successful, this operation returns HTTP status code 200, and the user's login request is processed. If all other login tasks are complete, the user is logged in. If not, the user is directed to the next login task.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers

HTTP/1.1 200 OK
Content-Type: application/json
Expires: Mon, 28 Sep 2015 15:23:14 GMT
Set-Cookie: SignupToken_acmepaymentescorp=Fbnw5YUYLtPVfzTCxtriPKVdB9m7xO7ALwGyt8_f2MiZg1393OGQISkdqSwAtm-1nakXzGLmC_uw3ipUj-ZlHY5NhVjuykWvri5pKVNJhJPyKs2gLN_40SkKGJ7DcDDLTPi4id31yKJ6CDFPCEK7OSycu3fpuvYCCwDv_pfKE5kFrOtW1mFN2whcUNhboAyT9KioLrKREdBr7kc8c

Sample response body #1

User is logged in.

{
  "state" : "registered",
  "response" : {
    "userName" : "Engineering100user100",
    "loginState" : "login.complete",
    "loginDomainID" : "f6b0cfa2-7985-4363-9dc7-8f00df8ea83a.acmepaymentescorp",
    "userFDN" : "9b633341-0aa9-4160-8f81-b70c55355aaf.acmepaymentescorp",
    "pendingNotifications" : 0
  },
  "status" : "Active"
}

Sample response body #2

In the example below, the user still needs to accept the signup agreement, so the user's state value is pending_validation. The user is redirected to a page for accepting the agreement.

{
  "state" : "pending_validation",
  "status" : "Disabled",
  "response" : {
    "userName" : "Engineering100user100",
    "pendingAgreements" : [ "signupagrmtv1.acmepaymentescorp" ],
    "loginDomainID" : "1d3c5eaf-f575-4844-be74-fc94eb091479.acmepaymentescorp",
    "userFDN" : "64471a3a-16c4-42d4-b09d-e12e8294f927.acmepaymentescorp",
    "pendingNotifications" : 0
  },
  "signupCode" : "Fbnw5YUYLtPVfzTCxtriPKVdB9m7xO7ALwGyt8_f2MiZg1393OGQISkdqSwAtm-1nakXzGLmC_uw3ipUj-ZlHY5NhVjuykWvri5pKVNJhJPyKs2gLN_40SkKGJ7DcDDLTPi4id31yKJ6CDFPCEK7OSycu3fpuvYCCwDv_pfKE5kFrOtW1mFN2whcUNhboAyT9KioLrKREdBr7kc8c"
}
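
A client can read the two sample bodies above fail-closed, so that a 200 response counts as a completed login only when it says so explicitly. This is an added example, not platform code; the function name and the returned labels are assumptions, and the embedded samples are trimmed copies of the two bodies above (IDs and signupCode omitted).

```python
import json

# Trimmed copies of sample response bodies #1 and #2 from this page.
SAMPLE_1 = ('{"state": "registered", "status": "Active", "response": {'
            '"userName": "Engineering100user100", "loginState": "login.complete",'
            ' "pendingNotifications": 0}}')
SAMPLE_2 = ('{"state": "pending_validation", "status": "Disabled", "response": {'
            '"userName": "Engineering100user100",'
            ' "pendingAgreements": ["signupagrmtv1.acmepaymentescorp"],'
            ' "pendingNotifications": 0}}')


def login_outcome(raw):
    """Classify an ssoLogin response body; anything not clearly complete is not a login."""
    invalid = {"logged_in": False, "next": "invalid_response", "agreements": []}
    try:
        doc = json.loads(raw)
    except ValueError:
        return invalid
    resp = doc.get("response") if isinstance(doc, dict) else None
    if not isinstance(resp, dict):
        return invalid

    # A pending agreement outranks any other field: the user has a task left.
    pending = resp.get("pendingAgreements")
    if pending:
        names = pending if isinstance(pending, list) else [str(pending)]
        return {"logged_in": False, "next": "accept_agreements", "agreements": names}

    # Only the explicit value shown in sample #1 is treated as a finished login.
    if resp.get("loginState") == "login.complete":
        return {"logged_in": True, "next": None, "agreements": []}

    # Hypothetical label for "some other login task remains".
    return {"logged_in": False, "next": "pending_login_task", "agreements": []}
```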

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header | Description
Content-Type | application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json

Response Body

The response body depends on the domain used. Some possible val

Name | Type | Description
LoginData | LoginData | Contains data associated with a user's login.

Error Codes/Messages

If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item | Value
500 | An error occurred processing the call.

More information about Akana API Platform API error messages.
