fetchSamlMetadataFromDiscoveryEndpoint()

API Stability Long-Term

The fetchSamlMetadataFromDiscoveryEndpoint() GraphQL query field will fetch the SAML metadata from a discovery endpoint provided.

For more information on SAML, see the Authenticate with SAML documentation page. You may also want to look at Requirements for identity provider configuration for related information.

Syntax

graphql

fetchSamlMetadataFromDiscoveryEndpoint(
      discoveryEndpoint: string!
   ): SamlMetadata

There are no special input datatypes for this query. Use the discoveryEndpoint parameter to specify the SAML metadata endpoint. For the results, you can get the ID, the URL, and their certificate to verify (see the Return Datatype section).

Example

Below is an example of this query, along with requests for several return parameters:

Raw

graphql

query {
  fetchSamlMetadataFromDiscoveryEndpoint(
     discoveryEndpoint: "https://saml.company.com"
     )
  {entityID, signOnUrl, certificate}
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  fetchSamlMetadataFromDiscoveryEndpoint(
     discoveryEndpoint: \"https://saml.company.com\"
     )
  {entityID, signOnUrl, certificate}
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  fetchSamlMetadataFromDiscoveryEndpoint(
     discoveryEndpoint: \"https://saml.company.com\"
     )
  {entityID, signOnUrl, certificate}
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  fetchSamlMetadataFromDiscoveryEndpoint( ^
     discoveryEndpoint: \"https://saml.company.com\" ^
     ) ^
  {entityID, signOnUrl, certificate} ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  fetchSamlMetadataFromDiscoveryEndpoint(
     discoveryEndpoint: \"https://saml.company.com\"
     )
  {entityID, signOnUrl, certificate}
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  fetchSamlMetadataFromDiscoveryEndpoint(
     discoveryEndpoint: \"https://saml.company.com\"
     )
  {entityID, signOnUrl, certificate}
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  fetchSamlMetadataFromDiscoveryEndpoint(
     discoveryEndpoint: \"https://saml.company.com\"
     )
  {entityID, signOnUrl, certificate}
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  fetchSamlMetadataFromDiscoveryEndpoint(
     discoveryEndpoint: \"https://saml.company.com\"
     )
  {entityID, signOnUrl, certificate}
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Returned Datatype

The returned datatype is used to get the SAML entity's unique identifier, sign-on URL, and their certificate. These are listed and described below:

Table: SamlMetadata

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Mar 19, 2025
certificate	string	yes	`Long-Term`	The SAML authentication certificate.
entityID	string	yes	`Long-Term`	The unique identifier of the entity.
signOnUrl	string	yes	`Long-Term`	The URL where the sign on page can be found.

Versions of this Page

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes