SAML ACS endpoint (SSO)

POST /api/authn/single-sign-on/saml/{connectorId}

The Assertion Consumer Service (ACS) endpoint for Simple Assertion Markup Language (SAML) single sign-on (SSO) connectors.

This endpoint is used to complete the SAML SSO authentication flow. It receives the SAML assertion response from the identity provider (IdP) and redirects the user to complete the authentication flow.

Path parameters

  • connectorId string Required

    The unique identifier of the connector.

application/json

Body Required

  • RelayState string Required

    SAML standard parameter that will be transmitted between the identity provider and the service provider. It will be used as the session ID (jti) of the user's Logto authentication session. This API will use this session ID to retrieve the SSO connector authentication session from the database.

  • SAMLResponse string Required

    The SAML assertion response from the identity provider (IdP).

Responses

  • 302

    Redirect to the endpoint to complete the authentication flow.

  • 400

    Invalid SAML assertion response.

  • 404

    Invalid SSO connector ID or SSO connector authentication session not found.

POST /api/authn/single-sign-on/saml/{connectorId} 
curl \
 -X POST https://[tenant_id].logto.app/api/authn/single-sign-on/saml/{connectorId} \
 -H "Content-Type: application/json" \
 -d '{"RelayState":"string","SAMLResponse":"string"}'
Request example 
{
  "RelayState": "string",
  "SAMLResponse": "string"
}