Okta API - how to specify attribute statements for WS-Federation app?

Questions API
1

Is there a way to set an Attribute Statement for a Templated WS Federation app (‘signOnMode’ = ‘WS_FEDERATION’) using the API?

01 - Tried the answer in SAML app- Is there API to update attribute statement - The app gets created without error, but there are no attributes when I look in the portal.

{
  "name": "template_wsfed",
  "label": "Test App",
  "signOnMode": "WS_FEDERATION",
  "settings": {
    "app": {
    [...]
    },
    "signOn": {
      "attributeStatements": [
        {
          "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
          "values": [
            "user.id"
          ],
          "namespace": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
          "type": "GENERIC"
        }
      ]
    }
  }
}

02 - Tried manually creating an attribute in the portal then doing an Apps API GET - The response contains the app, with no sign of the attribute in the response body.

03 - There’s a settings.app.attributeStatements = null in the response body - tried to POST a new app with the attribute in there, and got "errorSummary": "Type mismatch exception. ",

{
  "name": "template_wsfed",
  "label": "Test App",
  "signOnMode": "WS_FEDERATION",
  "settings": {
    "app": {
      "attributeStatements": [
        {
          "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
          "values": [
            "user.id"
          ],
          "namespace": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
          "type": "GENERIC"
        }
      ],
      [...]
    }
  }
}

[04 to ∞] - Been reading forum posts, developer docs, API specs and examples, tried ChatGPT. Tried dozens of formats of post body. Can’t figure out what’s missing here. How can these be managed via API?

image
image2058×1600 344 KB

2

Thank you for reaching out here on the Okta Developer Forum. We noticed that your question is more closely related to SAML. To ensure you receive the most accurate and timely assistance, we recommend reposting your query on Okta’s Community at: Okta Help Center (Lightning)

3

Hi @vk-giri - appreciate you looking at this and responding.

Could you help me understand how this is a SAML issue? The above post description links to a related SAML post, and calls out that the findings there don’t work for a WSFed app. Also, I can perform the action in the UI, and the data aren’t in the API. This doesn’t seem to be a SAML issue, or a WSFed issue, or even a generic application issue. It appears to be an API issue. Please help me better understand what I’m missing and how it is a SAML issue.

Also, thank you for that link. I’d love to open a support ticket, but I’m a vendor developing an integration and Okta don’t provide support to developers, just paying customers (reasonably so; though it’s unfortunate I can’t report this as a bug). As far as I can tell, this community is my only option.

4

Oh. Maybe I can get in to a different forum there. Thank you!
Still trying to understand how this isn’t an API Development issue appropriate to this forum though

Edit:

  • I can’t open a case in the help center. You Do Not Have Access to Create a Case
  • There doesn’t seem to be any SAML, WSFed, API, Workforce, or Developer discussion groups (tried many search terms; couldn’t find a relevant discussion group)
  • The remaining option is ‘Ask the Community’, and I’ll copy this post there.

Ref: https://support.okta.com/help/s/question/0D54z0000AIIQK8CQP/okta-api-how-to-specify-attribute-statements-for-wsfederation-app?language=en_US

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.