GET /saml/meta
Retrieve the public SAML certificate and URLs you need to configure an identity provider. Authentication is required.
Request format
When forming RBAC API requests to this endpoint, the request is a basic call with authentication, such as:
curl "https://$(puppet config print server):4433/rbac-api/v1/saml/meta" -H "X-Authentication:$(puppet-access show)"
Response format
If the instance is not a replica and the certificate exists, the endpoint returns 200 OK and an object containing these keys:
Key | Definition |
---|---|
meta | A URL to the public metadata endpoint for the SAML service provider. Some IdP configurations also require this URL in the entity-id and/or audience_restriction fields. |
slo | A URL to the public logout service for SAML. |
acs | A URL to the public assertion service for SAML. |
cert | A string representing the public SAML certificate. |
For example:
{ "meta": "https://localhost/saml/v1/meta", "acs": "https://localhost/saml/v1/acs", "slo": "https://localhost/saml/v1/slo", "cert": "-----BEGIN CERTIFICATE-----\nMIIFo ..." }
Use these values to configure your identity provider. After configuration, your identity provider supplies the required values for configuring SAML in Puppet Enterprise (PE). You can also see this information in the PE console on the SSO tab.
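A check you might run on the response before copying its values into an identity provider, as an added example that is not part of the Puppet documentation: it confirms the four keys are present, that the three URLs use HTTPS on the host you expect, and computes the certificate's SHA-256 fingerprint for comparison with what the IdP displays after upload. The function name, the `expected_host` parameter and the sample body are assumptions; the sample certificate bytes are constructed and are not a real certificate.

```python
import base64
import hashlib
import json
import ssl
from urllib.parse import urlsplit

REQUIRED_KEYS = ("meta", "slo", "acs", "cert")  # keys documented for GET /saml/meta


def check_saml_meta(body, expected_host):
    """Validate a /saml/meta response body; return the cert's SHA-256 fingerprint."""
    data = json.loads(body)
    missing = [k for k in REQUIRED_KEYS if k not in data]
    if missing:
        raise ValueError(f"response is missing keys: {missing}")

    # The IdP will send assertions and logout messages to these URLs,
    # so reject anything that is not HTTPS on the host we intended.
    for key in ("meta", "slo", "acs"):
        url = urlsplit(data[key])
        if url.scheme != "https":
            raise ValueError(f"{key} is not an https URL: {data[key]}")
        if url.hostname != expected_host:
            raise ValueError(f"{key} points at unexpected host: {url.hostname}")

    # Strip the PEM armour, then hash the DER bytes.
    der = ssl.PEM_cert_to_DER_cert(data["cert"].strip())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample input (hypothetical); the "certificate" is placeholder bytes.
SAMPLE_DER = b"constructed bytes, not a real X.509 certificate"
SAMPLE_BODY = json.dumps({
    "meta": "https://localhost/saml/v1/meta",
    "acs": "https://localhost/saml/v1/acs",
    "slo": "https://localhost/saml/v1/slo",
    "cert": "-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(SAMPLE_DER).decode()
            + "-----END CERTIFICATE-----\n",
})

if __name__ == "__main__":
    print(check_saml_meta(SAMPLE_BODY, "localhost"))
```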
Error response
Returns 404 Not Found if the public key file doesn't exist or the SAML key entries aren't present in the configuration.
For other errors, refer to RBAC service errors.