Login flow
Start Login
The GUI calls this endpoint to determine whether the user logs in with a basic email/password setup or must be redirected to an SSO identity provider.
Example of call:
POST /api/rest/v1/authentication/start_login
{
"email": "[email protected]"
}
Example of response:
mode: can be Basic, OIDC or SAML
{
"mode": "OIDC"
}
The mode returned by the call determines how the login flow continues.
SAML - SSO
This endpoint is called by the GUI to obtain the redirection the user must follow to be authenticated by the identity provider.
POST /api/rest/v1/authentication/saml/sso
Example of request body:
{
"email": "[email protected]"
}
Example of response:
302
Location: https://idp.example.com/SAML2/Redirect/SSO?SAMLRequest=...&RelayState=...
SAML - ACS
This endpoint is the redirection used by the SAML flow to confirm the authentication of a user.
POST /api/rest/v1/authentication/saml/acs
Example of request body:
{
"RelayState": "...",
"SAMLResponse": "..."
}
Example of response:
200
Set-Cookie: token=...; HttpOnly; Secure;
{
"token": "..."
}
Diagram below - Calling an endpoint of Taurus-PROTECT with SAML 2.0
OIDC - SSO
This endpoint is called by the GUI to obtain the redirection the user must follow to be authenticated by the identity provider.
POST /api/rest/v1/authentication/oidc/sso
Example of request body:
{
"email": "[email protected]"
}
Example of response:
302
Location: https://idp.example.com/authorize?redirect_uri=...&client_id=...
OIDC - Token
This endpoint is called by the GUI after it receives a code from the identity provider. Protect can then contact the identity provider to accept the session.
POST /api/rest/v1/authentication/oidc/token
Example of request body:
{
"code": "...",
"state": "..."
}
Example of response:
200
Set-Cookie: token=...; HttpOnly; Secure;
{
"token": "..."
}
Diagram below - Calling an endpoint of Taurus-PROTECT with OIDC
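The client-side checks a GUI can apply around this flow, as an added example that is not Taurus-PROTECT code: dispatch on the start_login mode and fail closed on unknown values, validate the 302 Location before navigating to it, and build the OIDC token request from the identity provider's callback. The endpoint paths and mode values come from this page; the function names, the identity-provider host allowlist, the callback URL and the sample values are assumptions, and the `code`, `state` and `error` query parameters follow the standard OAuth 2.0 authorization response.

```javascript
// Added example, not Taurus-PROTECT code. Paths and mode values come from the
// page; function names, the allowlist and the sample URLs are assumptions.
const API = "/api/rest/v1/authentication";
const SSO_ENDPOINT = { SAML: `${API}/saml/sso`, OIDC: `${API}/oidc/sso` };

// Decide the GUI's next action from the start_login response.
// Any mode other than Basic, OIDC or SAML fails closed.
function nextStep(startLoginResponse, email) {
  const mode = startLoginResponse ? startLoginResponse.mode : undefined;
  if (mode === "Basic") return { kind: "password-form" };
  if (!Object.prototype.hasOwnProperty.call(SSO_ENDPOINT, mode)) {
    throw new Error(`unexpected login mode: ${String(mode)}`);
  }
  return { kind: "sso", method: "POST", path: SSO_ENDPOINT[mode], body: { email } };
}

// Validate the Location of the 302 before navigating to it: absolute HTTPS
// URL, no embedded credentials, exact host match against the configured IdPs.
function checkIdpRedirect(location, allowedHosts) {
  let url;
  try {
    url = new URL(location);
  } catch {
    throw new Error("Location is not an absolute URL");
  }
  if (url.protocol !== "https:") throw new Error("IdP redirect must use https");
  if (url.username || url.password) throw new Error("credentials in IdP redirect");
  if (!allowedHosts.includes(url.hostname)) {
    throw new Error(`unexpected IdP host: ${url.hostname}`);
  }
  return url;
}

// Build the body for POST .../oidc/token from the URL the IdP sent the user
// back to. A callback carrying "error", or missing code/state, is rejected.
function oidcTokenBody(callbackUrl) {
  const query = new URL(callbackUrl).searchParams;
  if (query.has("error")) throw new Error(`IdP returned error: ${query.get("error")}`);
  const code = query.get("code");
  const state = query.get("state");
  if (!code || !state) throw new Error("callback is missing code or state");
  return { path: `${API}/oidc/token`, body: { code, state } };
}

// Constructed sample values, not taken from a real deployment.
const SAMPLE_LOCATION = "https://idp.example.com/authorize?redirect_uri=https%3A%2F%2Fprotect.example.com%2Fcb&client_id=gui";
const SAMPLE_CALLBACK = "https://protect.example.com/cb?code=abc123&state=xyz789";
```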