WSFederationApplications
The WSFederation-protocol applications in the environment.
Table-Specific Information
We recommend using the built-in Client Application Developer role to read and write data for this table.
SELECT
Reading data from this table requires Read Application/applications:read:application permission.The connector uses the PingOne Platform API to process WHERE clause conditions built with the following columns and operators.
- Id supports the following operators: =, IN.
All other filters are processed client-side within the connector.
For example, the following queries are processed server-side:
SELECT * FROM Administrators.WSFederationApplications WHERE Id = 'c4f584e4-eee8-4e19-a08c-0a05f8e21a72';
SELECT * FROM Administrators.WSFederationApplications WHERE Id IN ('c4f584e4-eee8-4e19-a08c-0a05f8e21a72', 'c207adc7-723c-47bb-a53f-c1086bb942c6');
INSERT
Creating data in this table requires Create Application/applications:create:application permission.Refer to the query example below:
INSERT INTO Administrators.WSFederationApplications (Name, Description, Type, IsEnabled, DomainName, SigningKeyId, SigningAlgorithm, ReplyURL) VALUES ('My WS-Fed Application', 'My WS-Fed Application', 'CUSTOM_APP', false, 'domain.com', 'f5718478-2193-41ca-8afa-756b37b2edc7', 'SHA256withRSA', 'https://reply.com')
UPDATE
Updating data in this table requires Update Application/applications:update:application permission.Refer to the query example below:
UPDATE Administrators.WSFederationApplications SET IsEnabled = true WHERE Id = 'c4f584e4-eee8-4e19-a08c-0a05f8e21a72'
DELETE
Deleting data from this table requires Delete Application/applications:delete:application permission.Refer to the query example below:
DELETE FROM Administrators.WSFederationApplications WHERE Id = 'c4f584e4-eee8-4e19-a08c-0a05f8e21a72'
Columns
| Name | Type | ReadOnly | References | Description |
| Id [KEY] | String | True |
The application identifier (UUID). | |
| Name | String | False |
The name of the application. | |
| Description | String | False |
The application's description. | |
| IsEnabled | Boolean | False |
Boolean value indicating whether the application is enabled for authorization to PingOne. | |
| Type | String | False |
The type of the application. Possible values are: 'WEB_APP', and 'CUSTOM_APP'. | |
| EnvironmentId | String | True | Information.Environments.Id |
The identifier (UUID) of the environment in which the application exists. |
| CreatedAt | Datetime | True |
The time at which the application was created. | |
| UpdatedAt | Datetime | True |
The time at which the application was last updated. | |
| LoginPageURL | String | False |
The application's login page URL. | |
| HomePageURL | String | False |
The application's home page URL. | |
| IsHiddenFromPortal | Boolean | False |
Boolean value indicating whether the application is hidden in the application portal. | |
| IconURL | String | False |
The URL of the application's icon. | |
| AccessControlRolesCriteria | String | False |
The user role criteria for accessing the application. Possible values are 'ADMIN_USERS_ONLY'. A user is an admin user if they have one or more of the following roles: 'Organization Admin', 'Environment Admin', 'Identity Data Admin' or 'Client Application Developer'. | |
| CORSRestriction | String | False |
The application's restriction in regards to CORS requests. Possible values are 'ALLOW_NO_ORIGINS' and 'ALLOW_SPECIFIC_ORIGINS'. 'ALLOWS_NO_ORIGINS' rejects all CORS requests. 'ALLOW_SPECIFIC_ORIGINS' rejects all CORS requests except those listed in the 'CORSAllowedOrigins' column. | |
| CORSAllowedOrigins | String | False |
The origins from which CORS requests to the Authorization and Authentication APIs are allowed. This applies only when 'CORSRestriction' is set to 'ALLOW_SPECIFIC_ORIGINS'. | |
| DomainName | String | False |
The federated domain name (for example, the Azure custom domain). | |
| SigningAlgorithm | String | False |
The algorithm used by the identity provider (IdP) signing key. Possible values are: 'SHA256withRSA', 'SHA384withRSA', 'SHA512withRSA', 'SHA256withECDSA', 'SHA384withECDSA', and 'SHA512withECDSA'. | |
| SigningKeyId | String | False |
The identifier (UUID) of the certificate to be used by the identity provider to sign assertions and responses. | |
| ReplyURL | String | False |
The URL that the replying party (such as, Office365) uses to accept submissions of 'RequestSecurityTokenResponse' messages that are a result of SSO requests. | |
| SLOEndpoint | String | False |
The single logout endpoint URL. | |
| NameIdFormat | String | False |
The format to use for the subject's NameIdentifier attribute. Possible values are: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' and 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'. |