Creating a Service Provider Certificate

Function

This API is used to create a SAML signing certificate of a service provider. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.

URI

POST /v1/identity-stores/{identity_store_id}/saml-certificates

**Table 1** Path parameters
Parameter	Mandatory	Type	Description
identity_store_id	Yes	String	Globally unique ID of an identity source.

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
X-Security-Token	No	String	Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required.

Response Parameters

Status code: 201

**Table 3** Parameters in the response body
Parameter	Type	Description
certificate_id	String	Certificate ID.
x509certificate	String	X.509 certificate.
algorithm	String	Signature algorithm.
expiry_date	Long	Certificate expiration timestamp.
state	String	Certificate activation status.

Status code: 400

**Table 4** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.

Status code: 403

**Table 5** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Unique ID of a request.
encoded_authorization_message	String	Encrypted error message.

Example Request

Creating a SAML signing certificate of a service provider

POST https://{hostname}/v1/identity-stores/{identity_store_id}/saml-certificates

Example Response

Status code: 201

Successful

{
  "certificate_id" : "cer-89a0723d-fdfd-40cb-9fb6-14xxxx",
  "x509certificate" : "-----BEGIN CERTIFICATE-----\r\nMIIEzDCCAzSgAwIBAg*******************OrPhEc=\r\n-----END CERTIFICATE-----",
  "algorithm" : "SHA256withRSA",
  "expiry_date" : 2069798400000,
  "state" : "INACTIVE"
}