updateSamlIdentityProvider()

The updateSamlIdentityProvider() GraphQL mutation is used to update information related to an SAML identity provider in LogScale.

Related to this mutation there is the newSamlIdentityProvider() mutation for adding a new SAML identity provider. There is also the query, samlIdentityProvider() to get information on a provider.

For more information on SAML, see the Authenticate with SAML documentation page. You may also want to look at Requirements for identity provider configuration for related information.

API Stability Long-Term

Syntax

graphql

updateSamlIdentityProvider(
     domains: [string]!,
     id: string!,
     idpEntityId: string!,
     name: string!,
     signOnUrl: string!,
     adminAttribute: string,
     adminAttributeMatch: string,
     alternativeIdpCertificateInBase64: string,
     defaultIdp: boolean,
     enableDebug: boolean,
     groupMembershipAttribute: string,
     humioOwned: boolean,
     idpCertificateInBase64: string,
     lazyCreateUsers: boolean,
     metadataEndpointUrl: string,
     userAttribute: string,
   ): SamlIdentityProvider!

For the input, you would provide the name and the unique identifier of the SAML identity provider, the entity, the domains, and the sign-on URL. See the Given Datatype section for details and more.

For the results, you may get plenty information on the SAML identity provider. You'll probably want parameters you haven't just changed with this mutation. See the Returned Datatype section for more.

Example

Raw

graphql

mutation {
  updateSamlIdentityProvider(
      id: "abc123",
      name: "Samuel-IDP",
      signOnUrl: "https://my.samlidp.com",
      idpCertificateInBase64: "12345678",
      idpEntityId: "abc123",
      domains: ["humio"]
  )
  { id }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateSamlIdentityProvider(
      id: \"abc123\",
      name: \"Samuel-IDP\",
      signOnUrl: \"https://my.samlidp.com\",
      idpCertificateInBase64: \"12345678\",
      idpEntityId: \"abc123\",
      domains: [\"humio\"]
  )
  { id }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  updateSamlIdentityProvider(
      id: \"abc123\",
      name: \"Samuel-IDP\",
      signOnUrl: \"https://my.samlidp.com\",
      idpCertificateInBase64: \"12345678\",
      idpEntityId: \"abc123\",
      domains: [\"humio\"]
  )
  { id }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  updateSamlIdentityProvider( ^
      id: \"abc123\", ^
      name: \"Samuel-IDP\", ^
      signOnUrl: \"https://my.samlidp.com\", ^
      idpCertificateInBase64: \"12345678\", ^
      idpEntityId: \"abc123\", ^
      domains: [\"humio\"] ^
  ) ^
  { id } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  updateSamlIdentityProvider(
      id: \"abc123\",
      name: \"Samuel-IDP\",
      signOnUrl: \"https://my.samlidp.com\",
      idpCertificateInBase64: \"12345678\",
      idpEntityId: \"abc123\",
      domains: [\"humio\"]
  )
  { id }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  updateSamlIdentityProvider(
      id: \"abc123\",
      name: \"Samuel-IDP\",
      signOnUrl: \"https://my.samlidp.com\",
      idpCertificateInBase64: \"12345678\",
      idpEntityId: \"abc123\",
      domains: [\"humio\"]
  )
  { id }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  updateSamlIdentityProvider(
      id: \"abc123\",
      name: \"Samuel-IDP\",
      signOnUrl: \"https://my.samlidp.com\",
      idpCertificateInBase64: \"12345678\",
      idpEntityId: \"abc123\",
      domains: [\"humio\"]
  )
  { id }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  updateSamlIdentityProvider(
      id: \"abc123\",
      name: \"Samuel-IDP\",
      signOnUrl: \"https://my.samlidp.com\",
      idpCertificateInBase64: \"12345678\",
      idpEntityId: \"abc123\",
      domains: [\"humio\"]
  )
  { id }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "updateSamlIdentityProvider": {
      "id": "abc123"
    }
  }
}

Given Datatype

For the input, you would provide the name and the unique identifier of the SAML identity provider, the entity, the domains, and the sign-on URL. You may provide several other parameters. They're listed in the table below:

Table: Input Using Standard Datatypes

Parameter	Type	Required	Description
adminAttribute	string		An administrative attribute — for internal use only.
adminAttributeMatch	string		An administrative attribute match — for internal use only.
alternativeIdpCertificateInBase64	string		An alternative certificate to be used for identity provider signature validation. Useful for handling certificate rollover.
defaultIdp	boolean		The default identity provider.
domains	[string]	yes	A list of domains.
enableDebug	string		Whether to enable debugging.
groupMembershipAttribute	string		A group membership attribute.
humioOwned	boolean		Whether it's Humio owned — for internal use only.
xxxxx	string	yes	Text
id	string	yes	The unique identifier of the SAML identity provider.
idpCertificateInBase64	string		The identity provider certificate in base64.
idpEntityId	string	yes	The identity provider's entity identifier.
lazyCreateUsers	boolean		Whether to allow lazy creating of users during login.
metadataEndpointUrl	string	yes	The SAML metadata endpoint from which to fetch the identity provider's signing certificate.
name	string	yes	The name of the identity provider.
signOnUrl	string	yes	The sign-on URL.
userAttribute	string		Any user attribute.

Returned Datatype

You may specify many parameters related to data that's returned, such as the sign-on URL, authentication method used, user information, etc. Below is a list of choices, along with descriptions of them:

Table: SamlIdentityProvider

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Mar 17, 2025
adminAttribute	string		`Long-Term`	This field is for internal use only by LogScale.
adminAttributeMatch	string		`Long-Term`	This field is for internal use only by LogScale.
alternativeIdpCertificateInBase64	string		`Long-Term`	An alternative IdP certificate using Base64 encoding.
authenticationMethod	AuthenticationMethodAuth	yes	`Long-Term`	The authentication method used. See AuthenticationMethodAuth.
debug	boolean	yes	`Long-Term`	Whether debugging is enabled.
defaultIdp	boolean	yes	`Long-Term`	Whether the identity service provider is the default.
domains	[string]	yes	`Long-Term`	The domains of the SAML identity provider.
groupMembershipAttribute	string		`Long-Term`	The saml attribute used to extract groups from when receiving the SamlResponse from the IDP. The groups from the response will be used to synchronize the membership of groups in LogScale. The group name and external provider name of the group are matched in LogScale.
humioManaged	boolean	yes	`Long-Term`	Where SAML authentication is managed by LogScale.
id	string	yes	`Long-Term`	The unique identifier for the SAML installation.
idpCertificateInBase64	string	yes	`Long-Term`	The identity provider's certificated converted to Base64.
idpEntityId	string	yes	`Long-Term`	The unique identifier of the IDP entity.
lazyCreateUsers	boolean	yes	`Long-Term`	Whether to wait to create users until necessary.
name	string	yes	`Long-Term`	The name of the SAML identity provider.
signOnUrl	string	yes	`Long-Term`	The URL of where the sign on page is located.
userAttribute	string		`Long-Term`	This is the saml attribute from which to extract username when receiving the `SamlResponse` from the IDP. If not specified, the default `saml:NameID` will be used.

Versions of this Page

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes