
SAML service provider (developer) configuration

AppDirect marketplaces support the retrieval of SAML service provider configuration via the SUBSCRIPTION_ORDER event, similar to what is done with OpenID Connect. The configuration data (also referred to as SAML metadata) is sent as a “samlIdp” link in the SUBSCRIPTION_ORDER payload.

By default, the metadata is returned in JSON format. Developers can optionally retrieve the SAML metadata in the standard SAML metadata schema (XML) either by sending the request with the header _Accept: application/samlmetadata+xml_ or by appending _.samlmetadata.xml_ to the link URL.

📝 Note: A unique SAML identity provider configuration (including the public signature verification certificate and entity ID) can be created for each subscription, marketplace, or environment to which a developer's products are distributed, based on the particular needs of the developer.

The steps represented in the following flow chart are built on top of AppDirect’s standard subscription event notification flow. Steps 5 and 6 represent the new steps added to support SAML single sign-on (SSO). A description of each step appears below the image.

[Figure: SAML developer service provider configuration flow chart]

  1. An event is triggered by a customer action (for example, an application purchase).
  2. AppDirect sends a subscription event notification to the application vendor (developer). This event is uniquely identified by an event URL. See also step 11.
  3. The developer validates the OAuth-signature on the request, and can then read the event URL from the parameters to send an HTTP GET request for more information about this specific subscription event.
  4. AppDirect sends a JSON or XML response to the developer.
  5. The SAML metadata is requested from the “samlIdp” endpoint included in the SUBSCRIPTION_ORDER event. This request is protected by the same OAuth key used in step 3. See Example A—SUBSCRIPTION_ORDER event in the SAML authentication event examples topic.
  6. The SAML metadata is returned. See Example B—SAML metadata in the SAML authentication event examples topic.
  7. The developer responds to the original event notification (step 2), passing account and/or status information.
  8. This status information is used by AppDirect to provide feedback to the customer via the AppDirect UI.
