samlIdentityProvider()

API Stability Long-Term

The samlIdentityProvider() GraphQL query will get information on a SAML identity provider.

Related to this query are the mutations, newSamlIdentityProvider() for adding a new SAML identity provider, and updateSamlIdentityProvider() for making changes to one.

Syntax

graphql

samlIdentityProvider(
      id: string!
   ): SamlIdentityProvider!

There is no special input datatype for this query field. You'll have to give the unique identifier for the SAML identity provider. For the results, you can request several bits of information on the identify provider (e.g., sign-on URL, authentication method used, user information, etc.) See the Returned Datatype section for more.

Example

Below is an example of how this query field might be used:

Raw

graphql

query {
  samlIdentityProvider(id:"abc123")
  { id, name, domains, 
    authenticationMethod{authType} }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  samlIdentityProvider(id:\"abc123\")
  { id, name, domains, 
    authenticationMethod{authType} }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  samlIdentityProvider(id:\"abc123\")
  { id, name, domains, 
    authenticationMethod{authType} }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  samlIdentityProvider(id:\"abc123\") ^
  { id, name, domains,  ^
    authenticationMethod{authType} } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  samlIdentityProvider(id:\"abc123\")
  { id, name, domains, 
    authenticationMethod{authType} }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  samlIdentityProvider(id:\"abc123\")
  { id, name, domains, 
    authenticationMethod{authType} }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  samlIdentityProvider(id:\"abc123\")
  { id, name, domains, 
    authenticationMethod{authType} }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  samlIdentityProvider(id:\"abc123\")
  { id, name, domains, 
    authenticationMethod{authType} }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "samlIdentityProvider": {
      "id": "abc123",
      "name": "SAMLAuthentication",
      "authenticationMethod": {
        "authType": "Basic"
      },
    }
  }
}

Returned Datatype

You may specify many parameters related to data that's returned, such as the sign-on URL, authentication method used, user information, etc. Below is a list of choices, along with descriptions of them:

Table: SamlIdentityProvider

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Mar 17, 2025
adminAttribute	string		`Long-Term`	This field is for internal use only by LogScale.
adminAttributeMatch	string		`Long-Term`	This field is for internal use only by LogScale.
alternativeIdpCertificateInBase64	string		`Long-Term`	An alternative IdP certificate using Base64 encoding.
authenticationMethod	AuthenticationMethodAuth	yes	`Long-Term`	The authentication method used. See AuthenticationMethodAuth.
debug	boolean	yes	`Long-Term`	Whether debugging is enabled.
defaultIdp	boolean	yes	`Long-Term`	Whether the identity service provider is the default.
domains	[string]	yes	`Long-Term`	The domains of the SAML identity provider.
groupMembershipAttribute	string		`Long-Term`	The saml attribute used to extract groups from when receiving the SamlResponse from the IDP. The groups from the response will be used to synchronize the membership of groups in LogScale. The group name and external provider name of the group are matched in LogScale.
humioManaged	boolean	yes	`Long-Term`	Where SAML authentication is managed by LogScale.
id	string	yes	`Long-Term`	The unique identifier for the SAML installation.
idpCertificateInBase64	string	yes	`Long-Term`	The identity provider's certificated converted to Base64.
idpEntityId	string	yes	`Long-Term`	The unique identifier of the IDP entity.
lazyCreateUsers	boolean	yes	`Long-Term`	Whether to wait to create users until necessary.
name	string	yes	`Long-Term`	The name of the SAML identity provider.
signOnUrl	string	yes	`Long-Term`	The URL of where the sign on page is located.
userAttribute	string		`Long-Term`	This is the saml attribute from which to extract username when receiving the `SamlResponse` from the IDP. If not specified, the default `saml:NameID` will be used.

Versions of this Page

GraphQL Queries

GraphQL API Stability

GraphQL Mutations

GraphQL Datatypes