SAML ACS endpoint (SSO)

POST /api/authn/single-sign-on/saml/{connectorId}

The Assertion Consumer Service (ACS) endpoint for Simple Assertion Markup Language (SAML) single sign-on (SSO) connectors.

This endpoint is used to complete the SAML SSO authentication flow. It receives the SAML assertion response from the identity provider (IdP) and redirects the user to complete the authentication flow.

Path parameters

connectorId string Required

The unique identifier of the connector.

application/json

Body Required

RelayState string

SAML standard parameter that will be transmitted between the identity provider and the service provider. It will be used as the session ID (jti) of the user's Logto authentication session. This API will use this session ID to retrieve the SSO connector authentication session from the database.
SAMLResponse string Required

The SAML assertion response from the identity provider (IdP).

Responses

302

Redirect to the endpoint to complete the authentication flow.
400

Invalid SAML assertion response.
404

Invalid SSO connector ID or SSO connector authentication session not found.

POST /api/authn/single-sign-on/saml/{connectorId}

curl \
 -X POST https://[tenant_id].logto.app/api/authn/single-sign-on/saml/{connectorId} \
 -H "Content-Type: application/json" \
 -d '{"RelayState":"string","SAMLResponse":"string"}'

Request examples

{
  "RelayState": "string",
  "SAMLResponse": "string"
}