Create and Pass SAML Request

    Create a SAML request and pass it as a parameter of the SSO URL.

    Request URL

    Use the SSO URL issued when adding your app to SAML Apps in the Developer Console.

    Example) https://LINEWORKSAuthSystemURL/saml2/idp/mycompany.com

    • Please use HTTPS (443) communications according to LINE WORKS' infrastructure security policy.
    • Pass the SAMLRequest and RelayState parameters in the SSO URL issued by LINE WORKS.

    HTTP Method

    GET or POST

    Note

    • The encoding type of the SAML request differs depending on the HTTP method. See the parameter description in "Request" below.

    Request

    | Parameter | Type | Required | Description |
    |---|---|---|---|
    | SAMLRequest | String | Y | GET: A character string as specified in the SAML 2.0 Request Specification (encoded with Deflate + Base64). POST: A character string as specified in the SAML 2.0 Request Specification (encoded with Base64). |
    | RelayState | String | N | A URL to which the user is redirected when the authentication fails. |

    SAML Request Specification

     <?xml version="1.0" encoding="UTF-8"?>
     <saml2p:AuthnRequest
         xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
         AssertionConsumerServiceURL="{ACS URL registered in LINE WORKS }"
         ID="{ID}"
         IssueInstant="{SAML Request creation date and time}"
         ProtocolBinding="{Protocol Binding}"
         ProviderName="{Service Provider Name}"
         Version="2.0">
         <saml2:Issuer
             xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">{SP Issuer registered in LINE WORKS }</saml2:Issuer>
         <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
     </saml2p:AuthnRequest>
    

    Elements of the SAML request are described in the following table.

    | Element | Type | Required | Description |
    |---|---|---|---|
    | AuthnRequest AssertionConsumerServiceURL | String | Y | ACS URL to receive a SAML response. It must be the same as the ACS URL registered in the Developer Console. |
    | AuthnRequest ID | String | Y | ID issued from the client. It is used to create a SAML response. |
    | AuthnRequest IssueInstant | Date(UTC) | Y | SAML request creation date and time |
    | AuthnRequest ProtocolBinding | String | Y | SAML response type. See "Protocol Binding" below. |
    | AuthnRequest ProviderName | String | N | Client name |
    | Issuer | String | Y | SP Issuer (Entity Id) registered in the Developer Console. |
    | NameIDPolicy Format | String | Y | Set this to "UNSPECIFIED" for LINE WORKS. |

    Protocol Binding

    | Protocol binding | Description |
    |---|---|
    | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST | The SAML response is encoded with Base64 and passed using the POST method. |
    | Others | The SAML response is encoded with Deflate + Base64 and passed using the GET method. |

    SAML Request Example

     <?xml version="1.0" encoding="UTF-8"?>
     <saml2p:AuthnRequest
         xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
         AssertionConsumerServiceURL="https://example.com/acs/vendor.com"
         ID="fiokocckbjonklcjiepfejmoehpebebmholeoibp"
         IssueInstant="2018-02-25T07:42:35Z"
         ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
         ProviderName="example.com"
         Version="2.0">
         <saml2:Issuer
             xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SPIssuer</saml2:Issuer>
         <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
     </saml2p:AuthnRequest>
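
The following Python sketch is an added example, not code from LINE WORKS. It fills in the request template above and applies the two encodings from the "Request" table. The function names are hypothetical, and it assumes "Deflate" means the raw DEFLATE stream (no zlib header) used by the SAML 2.0 HTTP-Redirect binding.

```python
import base64
import secrets
import zlib
from datetime import datetime, timezone
from urllib.parse import urlencode, urlsplit
from xml.sax.saxutils import escape, quoteattr

POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def build_authn_request(acs_url, issuer, request_id=None, issue_instant=None):
    """Fill in the AuthnRequest template from this page (ProviderName omitted, it is optional)."""
    # ID is an xs:ID, which may not start with a digit, so prefix the random part.
    request_id = request_id or "_" + secrets.token_hex(20)
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"'
        f' AssertionConsumerServiceURL={quoteattr(acs_url)}'
        f' ID={quoteattr(request_id)} IssueInstant={quoteattr(issue_instant)}'
        f' ProtocolBinding="{POST_BINDING}" Version="2.0">'
        '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'{escape(issuer)}</saml2:Issuer>'
        '<saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>'
        '</saml2p:AuthnRequest>'
    )

def encode_for_post(xml):
    """POST method: Base64 only."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def encode_for_get(xml):
    """GET method: raw DEFLATE (wbits=-15, assumed as noted above), then Base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode("utf-8")) + comp.flush()).decode("ascii")

def decode_from_get(value):
    """Inverse of encode_for_get, useful for inspecting a captured SAMLRequest."""
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")

def build_get_url(sso_url, xml, relay_state=None):
    # The page requires HTTPS for the SSO URL; refuse anything else.
    if urlsplit(sso_url).scheme != "https":
        raise ValueError("SSO URL must use HTTPS")
    params = {"SAMLRequest": encode_for_get(xml)}
    if relay_state:
        params["RelayState"] = relay_state
    # urlencode percent-encodes the '+', '/' and '=' that Base64 produces.
    return sso_url + "?" + urlencode(params)
```

Keep the generated `ID` on the client side so it can be matched against the SAML response that comes back to the ACS URL.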