{ "$schema": "http://json-schema.org/draft-07/schema", "$id": "sso-schema", "type": "object", "title": "SSO Schema", "description": "Schema describing an SSO configuration object", "properties": { "name": { "type": "string", "description": "Name of the SSO configuration", "examples": [ "Auth0", "Okta" ] }, "ssoType": { "type": "string", "description": "Single sign-on type (SAML, OpenID, etc.)", "examples": [ "saml" ], "enum": [ "saml" ] }, "settings": { "type": "object", "description": "The configuration for the SSO type used", "oneOf": [ { "$ref": "#/definitions/samlConfig" } ] }, "tested": { "type": "boolean", "description": "Whether the SSO configuration was tested" } }, "required": [ "name", "ssoType", "settings" ], "definitions": { "samlConfig": { "type": "object", "required": [ "issuer", "loginURL", "certificate", "samlUserNameAttribute", "samlGroupsAttribute", "forceLogin" ], "additionalProperties": false, "properties": { "description": { "type": "string", "description": "A description of the SSO configuration", "examples": [ "This sso configuration connects to Okta" ] }, "issuer": { "type": "string", "description": "Issuer identity provider", "examples": [ "https://www.auth0.com/oauth2/example" ] }, "loginURL": { "type": "string", "description": "Login URL for SSO identity provider", "examples": [ "https://www.auth0.com/login" ] }, "logoutURL": { "type": "string", "description": "Logout URL for SSO identity provider", "examples": [ "https://www.auth0.com/logout" ] }, "certificate": { "type": "string", "description": "Security certificate", "examples": [ "MIIDrjCCApagAwIBAgIGAYbHI140MA0GCSqGSIb3DQEBCwUAMIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU==" ] }, "samlEmailAttribute": { "type": "string", "description": "Attribute containing user email address", "examples": [ "mail", "email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ], "default": "email" }, "samlUserNameAttribute": { 
"type": "string", "description": "Attribute containing the full user name", "examples": [ "userName", "user", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" ], "default": "username" }, "samlGroupsAttribute": { "type": "string", "description": "Attribute containing the name of the groups property", "examples": [ "groups", "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" ], "default": "groups" }, "samlFirstNameAttribute": { "type": "string", "description": "Attribute containing the first name of the user", "examples": [ "firstName", "name", "http://schemas.microsoft.com/ws/2008/06/identity/claims/givenname" ] }, "forceLogin": { "type": "boolean", "description": "A boolean flag indicating whether a user is forced to log in", "title": "Force User Login", "default": false } } } }, "additionalProperties": false }