SAMLApplications
The SAML-protocol applications in the environment.
View-Specific Information
SELECT
Reading data from this entity requires the Read Application/applications:read:application permission. We recommend using the built-in Client Application Developer role.
The product uses the PingOne Platform API to process WHERE clause conditions built with the following columns and operators.
- Id supports the following operators: =, IN.
All other filters are processed client-side within the product.
For example, the following queries are processed server-side:
SELECT * FROM Administrators.SAMLApplications WHERE Id = '085f7c1a-396f-47f2-881b-c34c46b6eb66';
SELECT * FROM Administrators.SAMLApplications WHERE Id IN ('085f7c1a-396f-47f2-881b-c34c46b6eb66', '96f33e5d-682b-4214-855e-2e105421a35a');
Columns
| Name | Type | References | Description |
| --- | --- | --- | --- |
| Id [KEY] | String | | The application identifier (UUID). |
| Name | String | | The name of the application. |
| Description | String | | The application's description. |
| IsEnabled | Boolean | | Boolean value indicating whether the application is enabled for authorization to PingOne. |
| Type | String | | The type of the application. Possible values are: 'WEB_APP', 'NATIVE_APP', 'SINGLE_PAGE_APP', 'SERVICE', 'CUSTOM_APP', 'WORKER', 'PING_ONE_SELF_SERVICE', 'PING_ONE_ADMIN_CONSOLE', 'PING_ONE_PORTAL', 'TEMPLATE_APP' and 'PORTAL_LINK_APP'. |
| EnvironmentId | String | Information.Environments.Id | The identifier (UUID) of the environment in which the application exists. |
| CreatedAt | Datetime | | The time at which the application was created. |
| UpdatedAt | Datetime | | The time at which the application was last updated. |
| LoginPageURL | String | | The application's login page URL. |
| HomePageURL | String | | The application's home page URL. |
| IsHiddenFromPortal | Boolean | | Boolean value indicating whether the application is hidden in the application portal. |
| IconURL | String | | The URL of the application's icon. |
| AccessControlRolesCriteria | String | | The user role criteria for accessing the application. The possible value is 'ADMIN_USERS_ONLY'. A user is an admin user if they have one or more of the following roles: 'Organization Admin', 'Environment Admin', 'Identity Data Admin' or 'Client Application Developer'. |
| CORSRestriction | String | | The application's restriction with regard to CORS requests. Possible values are 'ALLOW_NO_ORIGINS' and 'ALLOW_SPECIFIC_ORIGINS'. 'ALLOW_NO_ORIGINS' rejects all CORS requests. 'ALLOW_SPECIFIC_ORIGINS' rejects all CORS requests except those listed in the 'CORSAllowedOrigins' column. |
| CORSAllowedOrigins | String | | The origins from which CORS requests to the Authorization and Authentication APIs are allowed. This applies only when 'CORSRestriction' is set to 'ALLOW_SPECIFIC_ORIGINS'. |
| TemplateIntegrationId | String | | The identifier (UUID) of the integration in Integration Catalog. |
| TemplateVersionId | String | | The identifier (UUID) of the integration version in Integration Catalog. |
| ACSUrls | String | | The Assertion Consumer Service URLs. The first URL in the list is used as default (there must be at least one URL). |
| AssertionDuration | Integer | | The assertion validity duration in seconds. |
| IsAssertionSigned | Boolean | | Boolean value indicating whether the SAML assertion itself should be signed. |
| DefaultTargetURL | String | | A URL that sets the relay state if the identity provider does not include an 'applicationUrl' query parameter in its '/{{envID}}/saml20/idp/startsso' request. |
| EnableRequestedAuthenticationContext | Boolean | | Boolean value indicating whether 'requestedAuthnContext' is taken into account in policy decision-making. |
| SigningAlgorithm | String | | The algorithm used by the identity provider (IdP) signing key. Possible values are: 'SHA256withRSA', 'SHA384withRSA', 'SHA512withRSA', 'SHA256withECDSA', 'SHA384withECDSA', and 'SHA512withECDSA'. |
| SigningKeyId | String | | The identifier (UUID) of the certificate to be used by the identity provider to sign assertions and responses. If 'null' or empty, the default signing certificate for the environment is used instead. |
| NameIdFormat | String | | The format of the subject's 'NameID' attribute in the SAML assertion. Possible values are: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', and 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'. |
| IsResponseSigned | Boolean | | Boolean value indicating whether the SAML assertion response itself should be signed. |
| SessionNotOnOrAfterDuration | Integer | | Used in cases when the SAML application requires a different 'SessionNotOnOrAfter' attribute value within the 'AuthnStatement' element than the 'NotOnOrAfter' value set in the 'AssertionDuration' column. |
| SLOBinding | String | | The binding protocol to be used for the logout response. Possible values are: 'HTTP_REDIRECT' and 'HTTP_POST'. |
| SLOEndpoint | String | | The logout endpoint URL. If 'null' or empty, logout actions result in an error. |
| SLOResponseEndpoint | String | | The endpoint URL to submit the logout response. If 'null' or empty, the value in the 'SLOEndpoint' column is used to submit the SLO response instead. |
| SLOWindow | Integer | | Defines how long PingOne can exchange logout messages with the application, specifically a 'LogoutRequest' from the application, since the initial request. This setting is per application. The SLO logout is separate from the user session logout that revokes all tokens. |
| EncryptionAlgorithm | String | | The algorithm for encrypting the assertions. Possible values are: 'AES_128', 'AES_256', and 'TRIPLEDES'. |
| EncryptionCertificateId | String | | The identifier (UUID) of the encryption public certificate that has been uploaded to PingOne. |
| ServiceProviderEntityId | String | | The service provider entity ID used to look up the application. |
| EnableAuthenticationRequestSigning | Boolean | | Boolean value indicating whether Authentication Request signing should be enforced. |
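
The signing, encryption and lifetime columns above are enough to audit SAML application hardening with one query. The following is an added example, not part of the product documentation: an in-memory SQLite table stands in for the driver connection (so Boolean columns are 0/1), the rows are constructed, and the 300-second lifetime threshold and check names are assumptions.

```python
import sqlite3

# Audit query over the view's columns. Only Id filters run server-side, so a
# query like this is evaluated client-side after all applications are fetched.
AUDIT_SQL = """
SELECT Name,
  CASE WHEN IsAssertionSigned = 0 AND IsResponseSigned = 0 THEN 1 ELSE 0 END,
  CASE WHEN EncryptionAlgorithm = 'TRIPLEDES' THEN 1 ELSE 0 END,
  CASE WHEN EnableAuthenticationRequestSigning = 0 THEN 1 ELSE 0 END,
  CASE WHEN AssertionDuration > :max_seconds THEN 1 ELSE 0 END
FROM Administrators.SAMLApplications
WHERE IsEnabled = 1
ORDER BY Name
"""
CHECKS = ("Unsigned", "LegacyCipher", "UnsignedRequests", "LongLived")

def sample_connection():
    """SQLite stand-in for the driver connection, filled with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS Administrators")
    conn.execute("""CREATE TABLE Administrators.SAMLApplications (
        Name TEXT, IsEnabled INTEGER, IsAssertionSigned INTEGER,
        IsResponseSigned INTEGER, EnableAuthenticationRequestSigning INTEGER,
        EncryptionAlgorithm TEXT, AssertionDuration INTEGER)""")
    rows = [  # constructed sample applications
        ("hr-portal", 1, 1, 1, 1, "AES_256", 300),
        ("legacy-erp", 1, 0, 0, 0, "TRIPLEDES", 3600),
        ("wiki", 1, 1, 0, 0, None, 60),
        ("retired-app", 0, 0, 0, 0, "TRIPLEDES", 86400),
    ]
    conn.executemany(
        "INSERT INTO Administrators.SAMLApplications VALUES (?,?,?,?,?,?,?)", rows)
    return conn

def audit(conn, max_seconds=300):
    """Return {application name: [failed checks]} for enabled applications."""
    findings = {}
    for name, *flags in conn.execute(AUDIT_SQL, {"max_seconds": max_seconds}):
        hits = [check for check, flag in zip(CHECKS, flags) if flag]
        if hits:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    print(audit(sample_connection()))
```

Against the real driver, replace the 0/1 comparisons with whatever Boolean literals its SQL dialect accepts.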