
Application KeyStore and Key Rollover

Application Operations

Get Application

The credentials object has been extended with a signing object whose kid references a key in the app's keystore. This pattern mirrors the IdP API /api/v1/idps/credentials/keys.

GET /api/v1/apps/0oaaxj6jHI15dNcsQ0g4 HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "0oaaxj6jHI15dNcsQ0g4",
    "name": "raincloud59_partnerapp_1",
    "label": "Partner App",
    "status": "ACTIVE",
    "lastUpdated": "2015-08-19T21:20:39.000Z",
    "created": "2015-08-19T21:20:06.000Z",
    "accessibility": {
        "selfService": false,
        "errorRedirectUrl": null,
        "loginRedirectUrl": "http://localhost:8080"
    },
    "visibility": {
        "autoSubmitToolbar": false,
        "hide": {
            "iOS": false,
            "web": false
        },
        "appLinks": {
            "raincloud59_partnerapp_1_link": true
        }
    },
    "features": [],
    "signOnMode": "SAML_2_0",
    "credentials": {
        "userNameTemplate": {
            "template": "${source.login}",
            "type": "BUILT_IN"
        },
        "signing": {
          "kid": "164f0d13-be79-4a13-8848-a9450e9abd2c"
        }
    },
    "settings": {
        "app": {},
        "notifications": {
            "vpn": {
                "network": {
                    "connection": "DISABLED"
                },
                "message": null,
                "helpUrl": null
            }
        },
        "signOn": {
            "defaultRelayState": "",
            "ssoAcsUrl": "http://example.com",
            "idpIssuer": "http://www.okta.com/${org.externalKey}",
            "audience": "http://example.com",
            "recipient": "http://example.com",
            "destination": "http://example.com",
            "subjectNameIdTemplate": "${user.userName}",
            "subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
            "responseSigned": true,
            "assertionSigned": true,
            "signatureAlgorithm": "RSA_SHA256",
            "digestAlgorithm": "SHA256",
            "honorForceAuthn": true,
            "spIssuer": null,
            "requestCompressed": false,
            "attributeStatements": []
        }
    },
    "_links": {
        "logo": [
            {
                "name": "medium",
                "href": "http://rain.okta1.com:1802/img/logos/default.png",
                "type": "image/png"
            }
        ],
        "appLinks": [
            {
                "name": "raincloud59_partnerapp_1_link",
                "href": "http://rain.okta1.com:1802/home/raincloud59_partnerapp_1/0oaaxj6jHI15dNcsQ0g4/1861",
                "type": "text/html"
            }
        ],
        "help": {
            "href": "http://rain-admin.okta1.com:1802/app/raincloud59_partnerapp_1/0oaaxj6jHI15dNcsQ0g4/setup/help/SAML_2_0/instructions",
            "type": "text/html"
        },
        "users": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/users"
        },
        "deactivate": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/lifecycle/deactivate"
        },
        "groups": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/groups"
        },
        "metadata": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/sso/saml/metadata",
            "type": "application/xml"
        },
        "keys": {
          "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/credentials/keys"
        },
        "keyRollover": {
          "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/lifecycle/credentials/keyRollover"
        }        
    }
}

Application Credential Operations

Update Key

This operation lets the admin control when the keys are swapped. If the kid does not identify a key in the app's keystore, an error should be returned.

POST /api/v1/apps/0oaaxj6jHI15dNcsQ0g4 HTTP/1.1
Content-Type: application/json

{
  "credentials": {
    "signing": {
      "kid": "74bb2164-e0c8-4457-862b-7c29ba6cd2c9"
    }
  }
}
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "0oaaxj6jHI15dNcsQ0g4",
    "name": "raincloud59_partnerapp_1",
    "label": "Partner App",
    "status": "ACTIVE",
    "lastUpdated": "2015-08-19T21:20:39.000Z",
    "created": "2015-08-19T21:20:06.000Z",
    "accessibility": {
        "selfService": false,
        "errorRedirectUrl": null,
        "loginRedirectUrl": "http://localhost:8080"
    },
    "visibility": {
        "autoSubmitToolbar": false,
        "hide": {
            "iOS": false,
            "web": false
        },
        "appLinks": {
            "raincloud59_partnerapp_1_link": true
        }
    },
    "features": [],
    "signOnMode": "SAML_2_0",
    "credentials": {
        "userNameTemplate": {
            "template": "${source.login}",
            "type": "BUILT_IN"
        },
        "signing": {
          "kid": "74bb2164-e0c8-4457-862b-7c29ba6cd2c9"
        }
    },
    "settings": {
        "app": {},
        "notifications": {
            "vpn": {
                "network": {
                    "connection": "DISABLED"
                },
                "message": null,
                "helpUrl": null
            }
        },
        "signOn": {
            "defaultRelayState": "",
            "ssoAcsUrl": "http://example.com",
            "idpIssuer": "http://www.okta.com/${org.externalKey}",
            "audience": "http://example.com",
            "recipient": "http://example.com",
            "destination": "http://example.com",
            "subjectNameIdTemplate": "${user.userName}",
            "subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
            "responseSigned": true,
            "assertionSigned": true,
            "signatureAlgorithm": "RSA_SHA256",
            "digestAlgorithm": "SHA256",
            "honorForceAuthn": true,
            "spIssuer": null,
            "requestCompressed": false,
            "attributeStatements": []
        }
    },
    "_links": {
        "logo": [
            {
                "name": "medium",
                "href": "http://rain.okta1.com:1802/img/logos/default.png",
                "type": "image/png"
            }
        ],
        "appLinks": [
            {
                "name": "raincloud59_partnerapp_1_link",
                "href": "http://rain.okta1.com:1802/home/raincloud59_partnerapp_1/0oaaxj6jHI15dNcsQ0g4/1861",
                "type": "text/html"
            }
        ],
        "help": {
            "href": "http://rain-admin.okta1.com:1802/app/raincloud59_partnerapp_1/0oaaxj6jHI15dNcsQ0g4/setup/help/SAML_2_0/instructions",
            "type": "text/html"
        },
        "users": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/users"
        },
        "deactivate": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/lifecycle/deactivate"
        },
        "groups": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/groups"
        },
        "metadata": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/sso/saml/metadata",
            "type": "application/xml"
        },
        "keys": {
          "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/credentials/keys"
        },
        "keyRollover": {
          "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/lifecycle/credentials/keyRollover"
        }
    }
}

Rollover Key

Generates a new key and replaces the existing key with the generated key. This operation is equivalent to calling KeyStore: Generate Key followed by App: Update Key. It is a convenience method for admins who don't need to preview the new key or metadata before swapping keys.

POST /api/v1/apps/0oaaxj6jHI15dNcsQ0g4/lifecycle/credentials/keyRollover?validityYears=2 HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "0oaaxj6jHI15dNcsQ0g4",
    "name": "raincloud59_partnerapp_1",
    "label": "Partner App",
    "status": "ACTIVE",
    "lastUpdated": "2015-08-19T21:20:39.000Z",
    "created": "2015-08-19T21:20:06.000Z",
    "accessibility": {
        "selfService": false,
        "errorRedirectUrl": null,
        "loginRedirectUrl": "http://localhost:8080"
    },
    "visibility": {
        "autoSubmitToolbar": false,
        "hide": {
            "iOS": false,
            "web": false
        },
        "appLinks": {
            "raincloud59_partnerapp_1_link": true
        }
    },
    "features": [],
    "signOnMode": "SAML_2_0",
    "credentials": {
        "userNameTemplate": {
            "template": "${source.login}",
            "type": "BUILT_IN"
        },
        "signing": {
          "kid": "74bb2164-e0c8-4457-862b-7c29ba6cd2c9"
        }
    },
    "settings": {
        "app": {},
        "notifications": {
            "vpn": {
                "network": {
                    "connection": "DISABLED"
                },
                "message": null,
                "helpUrl": null
            }
        },
        "signOn": {
            "defaultRelayState": "",
            "ssoAcsUrl": "http://example.com",
            "idpIssuer": "http://www.okta.com/${org.externalKey}",
            "audience": "http://example.com",
            "recipient": "http://example.com",
            "destination": "http://example.com",
            "subjectNameIdTemplate": "${user.userName}",
            "subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
            "responseSigned": true,
            "assertionSigned": true,
            "signatureAlgorithm": "RSA_SHA256",
            "digestAlgorithm": "SHA256",
            "honorForceAuthn": true,
            "spIssuer": null,
            "requestCompressed": false,
            "attributeStatements": []
        }
    },
    "_links": {
        "logo": [
            {
                "name": "medium",
                "href": "http://rain.okta1.com:1802/img/logos/default.png",
                "type": "image/png"
            }
        ],
        "appLinks": [
            {
                "name": "raincloud59_partnerapp_1_link",
                "href": "http://rain.okta1.com:1802/home/raincloud59_partnerapp_1/0oaaxj6jHI15dNcsQ0g4/1861",
                "type": "text/html"
            }
        ],
        "help": {
            "href": "http://rain-admin.okta1.com:1802/app/raincloud59_partnerapp_1/0oaaxj6jHI15dNcsQ0g4/setup/help/SAML_2_0/instructions",
            "type": "text/html"
        },
        "users": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/users"
        },
        "deactivate": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/lifecycle/deactivate"
        },
        "groups": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/groups"
        },
        "metadata": {
            "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/sso/saml/metadata",
            "type": "application/xml"
        },
        "keys": {
          "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/credentials/keys"
        },
        "keyRollover": {
          "href": "http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/lifecycle/credentials/keyRollover"
        }
    }
}

Key Store Operations

Generate Key

POST /api/v1/apps/0oaaxj6jHI15dNcsQ0g4/credentials/keys/generate?validityYears=2 HTTP/1.1
HTTP/1.1 201 Created
Content-Type: application/json
Location: http://rain.okta1.com:1802/api/v1/apps/0oaaxj6jHI15dNcsQ0g4/credentials/keys/ipkbthkqA019y3xTk0g4

{
  "id": "ipkbthkqA019y3xTk0g4",
  "created": "2015-11-10T16:30:23.000Z",
  "lastUpdated": "2015-11-10T16:30:23.000Z",
  "expiresAt": "2017-11-10T16:30:23.000Z",
  "kid": "74bb2164-e0c8-4457-862b-7c29ba6cd2c9",
  "e": "65537",
  "n": "18266302796442459199914765647075355683881661870399034465477430255781991834472616734541436020089160984399101459477861817528166268483126560259604455522843632766676187233102281214674335964282037306591730419282508510117089907752587871093265445299461082340847262587371669312431851805803728232033768137980831600985612986294414521768504668810737480579650315089254654720355575506897807370619101222983371240053659396231798151821880621285680626097311303255661602751949654901151717360871270780026504082348377164097504554177225842804687429091124693224523738856483235049664363575092124341063691912761357874279861378525992459282913",
  "kty": "RSA",
  "use": "sig",
  "x5c": [
    "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"
  ],
  "x5t": "y-ejAhuCRmC7nm19Gv1fSqbT9TY"
}

Get Key

GET /api/v1/apps/0oaaxj6jHI15dNcsQ0g4/credentials/keys/ipkbthkqA019y3xTk0g4 HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": "ipkbthkqA019y3xTk0g4",
  "created": "2015-11-10T16:30:23.000Z",
  "lastUpdated": "2015-11-10T16:30:23.000Z",
  "expiresAt": "2017-11-10T16:30:23.000Z",
  "kid": "74bb2164-e0c8-4457-862b-7c29ba6cd2c9",
  "e": "65537",
  "n": "18266302796442459199914765647075355683881661870399034465477430255781991834472616734541436020089160984399101459477861817528166268483126560259604455522843632766676187233102281214674335964282037306591730419282508510117089907752587871093265445299461082340847262587371669312431851805803728232033768137980831600985612986294414521768504668810737480579650315089254654720355575506897807370619101222983371240053659396231798151821880621285680626097311303255661602751949654901151717360871270780026504082348377164097504554177225842804687429091124693224523738856483235049664363575092124341063691912761357874279861378525992459282913",
  "kty": "RSA",
  "use": "sig",
  "x5c": [
    "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"
  ],
  "x5t": "y-ejAhuCRmC7nm19Gv1fSqbT9TY"
}

List Keys

GET /api/v1/apps/0oaaxj6jHI15dNcsQ0g4/credentials/keys HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/json

[
  {
    "id": "ipkbmqlF4v0bTwrEH0g4",
    "created": "2015-10-20T22:07:24.000Z",
    "lastUpdated": "2015-10-20T22:07:24.000Z",
    "expiresAt": "2025-10-20T22:07:24.000Z",
    "kid": "164f0d13-be79-4a13-8848-a9450e9abd2c",
    "e": "65537",
    "n": "24450362888052140413098025845420968344897573767271396395063004008040328941424728288638347418744403986579674619309990422048292393640485058955590771379446039710875049339963942970842480944289481174770650827892771068089294408145221639635729973310097983451703824211118919527156358598654183831755885669767129212707919844996502393663053952032227301094376526278552539851437904422686699228602698406894008126028849511766291587541238073662502027466905944223059149044963328953304072804625182357649835798715936773433185485804356190720426785059594875472466470177883405096090019491901693828626805910416940164823617520446117743390913",
    "kty": "PKIX",
    "use": "sig",
    "alg": "SHA1withRSA",
    "x5c": [
      "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"
    ],
    "x5t": "hOpWWJUkrleInbNj7WUwH-JcW7g"
  },
  {
    "id": "ipkbthkqA019y3xTk0g4",
    "created": "2015-11-10T16:30:23.000Z",
    "lastUpdated": "2015-11-10T16:30:23.000Z",
    "expiresAt": "2017-11-10T16:30:23.000Z",
    "kid": "74bb2164-e0c8-4457-862b-7c29ba6cd2c9",
    "e": "65537",
    "n": "18266302796442459199914765647075355683881661870399034465477430255781991834472616734541436020089160984399101459477861817528166268483126560259604455522843632766676187233102281214674335964282037306591730419282508510117089907752587871093265445299461082340847262587371669312431851805803728232033768137980831600985612986294414521768504668810737480579650315089254654720355575506897807370619101222983371240053659396231798151821880621285680626097311303255661602751949654901151717360871270780026504082348377164097504554177225842804687429091124693224523738856483235049664363575092124341063691912761357874279861378525992459282913",
    "kty": "RSA",
    "use": "sig",
    "x5c": [
      "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"
    ],
    "x5t": "y-ejAhuCRmC7nm19Gv1fSqbT9TY"
  }
]

Metadata Operations

Preview Metadata

GET /api/v1/apps/0oaaxj6jHI15dNcsQ0g4/sso/saml/metadata?kid=74bb2164-e0c8-4457-862b-7c29ba6cd2c9 HTTP/1.1
Accept: application/xml
HTTP/1.1 200 OK
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exkaxj5L6MGW4IRVH0g4">
    <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>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</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://rain.okta1.com:1802/app/raincloud59_partnerapp_1/exkaxj5L6MGW4IRVH0g4/sso/saml"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://rain.okta1.com:1802/app/raincloud59_partnerapp_1/exkaxj5L6MGW4IRVH0g4/sso/saml"/>
    </md:IDPSSODescriptor>
</md:EntityDescriptor>