Get a SAML Assertion for a Configured App

Overview

CyberArk Identity provides the ability to get SAML information for a configured application.

This page described the API workflow for programmatically obtaining SAML assertions for a configured application on a tenant.

Before continuing, ensure you are familiar with:

The remainder of this document assumes that you have already authenticated the user and have obtained the authentication token necessary to invoke subsequent endpoints.

Obtaining a SAML Response

Invoke the \uprest\HandleAppClick endpoint passing the application's key GUID via the appkey query parameter:

GET /uprest/HandleAppClick?appkey=12341234-f77b-47e7-a519-e3b5b793905a&antixss=AOk1nyB5OyLW0ovo_iiyZw__&markAppVisited=true

The response is in HTML format and contains an input element named SAMLresponse where the SAML information is stored in its value tag:

<html>
<head>
</head>
<body>
<form name="myform" method="post" action="https://sso.services.box.net/sp/ACS.saml2">
  <input type="hidden" name="SAMLResponse" value="PD94bWwgdmVASDFWEFZvawdcew143..." />
  <input type="hidden" name="TARGET" value="https://sso.services.box.net/sp/ACS.saml2"/>
  
</form>
<script type="text/JavaScript">
document.myform.submit();
</script>
</body>

Once your application obtains this response it will need to parse the HTML looking for the SAMLResponse element and value.

Try the API in Postman:
Run in PostmanRun in Postman