Get a SAML Assertion for a Configured App


CyberArk Identity provides the ability to get SAML information for a configured application.

This page described the API workflow for programmatically obtaining SAML assertions for a configured application on a tenant.

Before continuing, ensure you are familiar with:

The remainder of this document assumes that you have already authenticated the user and have obtained the authentication token necessary to invoke subsequent endpoints.

Obtaining a SAML Response

Invoke the \uprest\HandleAppClick endpoint passing the application's key GUID via the appkey query parameter:

GET /uprest/HandleAppClick?appkey=12341234-f77b-47e7-a519-e3b5b793905a&antixss=AOk1nyB5OyLW0ovo_iiyZw__&markAppVisited=true

The response is in HTML format and contains an input element named SAMLresponse where the SAML information is stored in its value tag:

<form name="myform" method="post" action="">
  <input type="hidden" name="SAMLResponse" value="PD94bWwgdmVASDFWEFZvawdcew143..." />
  <input type="hidden" name="TARGET" value=""/>
<script type="text/JavaScript">

Once your application obtains this response it will need to parse the HTML looking for the SAMLResponse element and value.

Try the API in Postman:
Run in PostmanRun in Postman