Method: accounts.issueSamlResponse

Experimental

HTTP request

POST https://identitytoolkit.googleapis.com/v1/accounts:issueSamlResponse

The URL uses gRPC Transcoding syntax.

Request body

The request body contains data with the following structure:

JSON representation
{
  "rpId": string,
  "idToken": string,
  "samlAppEntityId": string
}
Fields
rpId

string

Relying Party identifier, which is the audience of issued SAMLResponse.

idToken

string

The Identity Platform ID token. It will be verified and then converted to a new SAMLResponse.

samlAppEntityId

string

SAML app entity id specified in Google Admin Console for each app. If developers want to redirect to a third-party app rather than a G Suite app, they'll probably they need this. When it's used, we'll return a RelayState. This includes a SAMLRequest, which can be used to trigger a SP-initiated SAML flow to redirect to the real app.

Response body

If successful, the response body contains data with the following structure:

Response for accounts.issueSamlResponse request.

JSON representation
{
  "samlResponse": string,
  "acsEndpoint": string,
  "relayState": string,
  "email": string,
  "firstName": string,
  "lastName": string,
  "isNewUser": boolean
}
Fields
samlResponse

string

Signed SAMLResponse created for the Relying Party.

acsEndpoint

string

The ACS endpoint which consumes the returned SAMLResponse.

relayState

string

Generated RelayState.

email

string

Email of the user.

firstName

string

First name of the user.

lastName

string

Last name of the user.

isNewUser

boolean

Whether the logged in user was created by this request.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.