set-saml-response-decryption-key

subtitle

Sets encryption certificate and decryption key for SAML response sent from customer’s Identity Provider to CDP.

version

0.9.151

Description

Sets the encryption certificate and decryption key for SAML responses sent from the customer’s Identity Provider to CDP. These keys are generated and managed by the customer. The API always replaces the previously stored encryption and decryption keys with the given keys; any key omitted from the request is cleared. The Identity Provider uses the encryption key to encrypt the SAML response, and CDP uses the decryption key to decrypt it.

Synopsis

  set-saml-response-decryption-key
    --saml-provider <value>
    [--saml-response-encryption-certificate <value>]
    [--current-saml-response-decryption-key <value>]
    [--next-saml-response-decryption-key <value>]
    [--cli-input-json <value>]
    [--generate-cli-skeleton]

Options

--saml-provider (string)

The name or CRN of the SAML Provider associated with the decryption key.

--saml-response-encryption-certificate (string)

The certificate used by Identity Provider for encrypting SAML responses. It must be in PEM format. It must be non-empty and valid when ‘currentSamlResponseDecryptionKey’ is also set. Setting it to an empty string will remove this certificate.

--current-saml-response-decryption-key (string)

The current private key used for decrypting incoming encrypted SAML responses from the customer’s Identity Provider to CDP. It must be in PEM format. It must be non-empty and valid when ‘samlResponseEncryptionCertificate’ is set. Setting it to an empty string will remove this key.

--next-saml-response-decryption-key (string)

The next private key used for decrypting incoming encrypted SAML responses from the customer’s IdP to CDP during key rotation. It must be in PEM format. It is used for rotating keys without downtime, and is expected to be empty after key rotation completes. When both the current and next decryption keys are set, CDP will try to decrypt with both keys. Both must be valid keys. Omitting this parameter from the request will remove it.

--cli-input-json (string)

Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (boolean)

Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.
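
Because every call replaces the stored values and clears whatever is omitted, a rotation has to resend everything that must survive. The following Python preflight is an added example, not part of the CDP CLI or its documentation: it builds the request bodies for a two-call rotation and rejects combinations the option descriptions rule out. The two-call sequence, the provider name, and the JSON field names samlProvider and nextSamlResponseDecryptionKey are assumptions; confirm the field names with --generate-cli-skeleton.

```python
import json
import re

# Checks PEM framing only; it does not prove the key or certificate is cryptographically valid.
PEM = re.compile(r"\A-----BEGIN ([A-Z0-9 ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+-----END \1-----\Z")

def pem_label(text):
    match = PEM.match(text.strip())
    if not match:
        raise ValueError("value is not PEM encoded")
    return match.group(1)

def build_request(provider, cert=None, current_key=None, next_key=None):
    """Build the body of one call, enforcing the rules in the option descriptions."""
    if cert and pem_label(cert) != "CERTIFICATE":
        raise ValueError("encryption certificate must be a PEM certificate")
    for name, key in (("current", current_key), ("next", next_key)):
        if key and not pem_label(key).endswith("PRIVATE KEY"):
            raise ValueError(f"{name} decryption key must be a PEM private key")
    if bool(cert) != bool(current_key):
        raise ValueError("certificate and current key must be set, or cleared, together")
    body = {"samlProvider": provider}  # assumed field name, confirm with --generate-cli-skeleton
    # The API replaces the stored values, so anything left out of the body is cleared.
    if cert:
        body["samlResponseEncryptionCertificate"] = cert
    if current_key:
        body["currentSamlResponseDecryptionKey"] = current_key
    if next_key:
        body["nextSamlResponseDecryptionKey"] = next_key  # assumed field name
    return body

def rotation_requests(provider, old_cert, old_key, new_cert, new_key):
    """Assumed two-call rotation; the IdP is switched to new_cert between the calls."""
    stage = build_request(provider, old_cert, old_key, next_key=new_key)
    promote = build_request(provider, new_cert, new_key)  # next key omitted, so it is cleared
    return [stage, promote]

def fake_pem(label, body):
    """Constructed placeholder with PEM framing; not real key material."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

OLD_CERT, NEW_CERT = fake_pem("CERTIFICATE", "T0xE"), fake_pem("CERTIFICATE", "TkVX")
OLD_KEY, NEW_KEY = fake_pem("PRIVATE KEY", "T0xE"), fake_pem("PRIVATE KEY", "TkVX")

if __name__ == "__main__":
    for step in rotation_requests("example-provider", OLD_CERT, OLD_KEY, NEW_CERT, NEW_KEY):
        print(json.dumps(step, indent=2))  # candidate input for --cli-input-json
```

After each call, the samlResponseEncryptionCertificateDefined, currentSamlResponseDecryptionKeyDefined and nextSamlResponseDecryptionKeyDefined output fields show whether the stored state matches what the request intended.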

Output

samlResponseEncryptionDecryptionConfigurationLastUpdated -> (datetime)

The date when SAML response encryption certificate and decryption keys were set or cleared.

samlResponseEncryptionCertificateDefined -> (boolean)

Whether the SAML response encryption certificate is set or cleared.

currentSamlResponseDecryptionKeyDefined -> (boolean)

Whether the current decryption key for SAML response is set or cleared.

nextSamlResponseDecryptionKeyDefined -> (boolean)

Whether the next decryption key for SAML response is set or cleared.

Form Factors

private