From 55acf79cf5486592ee5edf0a39f7a95927c2ba3e Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas <ioannis@elastic.co>
Date: Fri, 7 May 2021 08:56:23 +0300
Subject: [PATCH 1/2] Add REST API specification for SAML APIs

relates: #67189
---
 .../api/security.saml_authenticate.json       | 27 +++++++++++++++++
 .../api/security.saml_invalidate.json         | 27 +++++++++++++++++
 .../api/security.saml_logout.json             | 27 +++++++++++++++++
 .../security.saml_prepare_authentication.json | 27 +++++++++++++++++
 .../api/security.saml_sp_metadata.json        | 29 +++++++++++++++++++
 5 files changed, 137 insertions(+)
 create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json
 create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json
 create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json
 create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json
 create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_sp_metadata.json

diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json
new file mode 100644
index 0000000000000..5d624925f3eb5
--- /dev/null
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json
@@ -0,0 +1,27 @@
+{
+  "security.saml_authenticate":{
+    "documentation":{
+      "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-authenticate.html",
+      "description":"Exchanges a SAML Response message for an elasticsearch access token and refresh token pair"
+    },
+    "stability":"stable",
+    "visibility":"public",
+    "headers":{
+      "accept": [ "application/json"]
+    },
+    "url":{
+      "paths":[
+        {
+          "path":"/_security/saml/authenticate",
+          "methods":[
+            "POST"
+          ]
+        }
+      ]
+    },
+    "body":{
+      "description":"The SAML response to authenticate",
+      "required":true
+    }
+  }
+}
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json
new file mode 100644
index 0000000000000..b33a58a80183f
--- /dev/null
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json
@@ -0,0 +1,27 @@
+{
+  "security.saml_invalidate":{
+    "documentation":{
+      "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-invalidate.html",
+      "description":"Consumes a SAML LogoutRequest"
+    },
+    "stability":"stable",
+    "visibility":"public",
+    "headers":{
+      "accept": [ "application/json"]
+    },
+    "url":{
+      "paths":[
+        {
+          "path":"/_security/saml/invalidate",
+          "methods":[
+            "POST"
+          ]
+        }
+      ]
+    },
+    "body":{
+      "description":"The LogoutRequest message",
+      "required":true
+    }
+  }
+}
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json
new file mode 100644
index 0000000000000..09c41d5b71c7e
--- /dev/null
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json
@@ -0,0 +1,27 @@
+{
+  "security.saml_logout":{
+    "documentation":{
+      "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-logout.html",
+      "description":"Invalidates an access token and a refresh token that were generated via the SAML Authenticate API"
+    },
+    "stability":"stable",
+    "visibility":"public",
+    "headers":{
+      "accept": [ "application/json"]
+    },
+    "url":{
+      "paths":[
+        {
+          "path":"/_security/saml/logout",
+          "methods":[
+            "POST"
+          ]
+        }
+      ]
+    },
+    "body":{
+      "description":"The tokens to invalidate",
+      "required":true
+    }
+  }
+}
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json
new file mode 100644
index 0000000000000..0a222bd22243d
--- /dev/null
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json
@@ -0,0 +1,27 @@
+{
+  "security.saml_prepare_authentication":{
+    "documentation":{
+      "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-prepare-authentication.html",
+      "description":"Creates a SAML authentication request"
+    },
+    "stability":"stable",
+    "visibility":"public",
+    "headers":{
+      "accept": [ "application/json"]
+    },
+    "url":{
+      "paths":[
+        {
+          "path":"/_security/saml/prepare",
+          "methods":[
+            "POST"
+          ]
+        }
+      ]
+    },
+    "body":{
+      "description":"The realm for which to create the authentication request, identified by either its name or the ACS url",
+      "required":true
+    }
+  }
+}
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_sp_metadata.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_sp_metadata.json
new file mode 100644
index 0000000000000..0deb37ff12cd9
--- /dev/null
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_sp_metadata.json
@@ -0,0 +1,29 @@
+{
+  "security.saml_sp_metadata":{
+    "documentation":{
+      "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-sp-metadata.html",
+      "description":"Generates SAML metadata for the elastic stack SAML 2.0 Service Provider"
+    },
+    "stability":"stable",
+    "visibility":"public",
+    "headers":{
+      "accept": [ "application/json"]
+    },
+    "url":{
+      "paths":[
+        {
+          "path":"/_security/saml/metadata/{realm_name}",
+          "methods":[
+            "GET"
+          ],
+          "parts":{
+            "name":{
+              "type":"string",
+              "description":"The name of the SAML realm to get the metadata for"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

From 04a57de5c7576aacf567f48bbbb1447ea824b6cd Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas <ioannis@elastic.co>
Date: Tue, 15 Jun 2021 14:14:09 +0300
Subject: [PATCH 2/2] address feedback

---
 .../rest-api-spec/api/security.saml_authenticate.json    | 5 +++--
 .../rest-api-spec/api/security.saml_invalidate.json      | 3 ++-
 .../rest-api-spec/api/security.saml_logout.json          | 3 ++-
 .../api/security.saml_prepare_authentication.json        | 5 +++--
 ...json => security.saml_service_provider_metadata.json} | 9 +++++----
 5 files changed, 15 insertions(+), 10 deletions(-)
 rename rest-api-spec/src/main/resources/rest-api-spec/api/{security.saml_sp_metadata.json => security.saml_service_provider_metadata.json} (72%)

diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json
index 5d624925f3eb5..e1247d87319ea 100644
--- a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json
@@ -2,12 +2,13 @@
   "security.saml_authenticate":{
     "documentation":{
       "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-authenticate.html",
-      "description":"Exchanges a SAML Response message for an elasticsearch access token and refresh token pair"
+      "description":"Exchanges a SAML Response message for an Elasticsearch access token and refresh token pair"
     },
     "stability":"stable",
     "visibility":"public",
     "headers":{
-      "accept": [ "application/json"]
+      "accept": [ "application/json"],
+      "content_type": ["application/json"]
     },
     "url":{
       "paths":[
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json
index b33a58a80183f..c18c338817901 100644
--- a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json
@@ -7,7 +7,8 @@
     "stability":"stable",
     "visibility":"public",
     "headers":{
-      "accept": [ "application/json"]
+      "accept": [ "application/json"],
+      "content_type": ["application/json"]
     },
     "url":{
       "paths":[
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json
index 09c41d5b71c7e..148805b16a853 100644
--- a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json
@@ -7,7 +7,8 @@
     "stability":"stable",
     "visibility":"public",
     "headers":{
-      "accept": [ "application/json"]
+      "accept": [ "application/json"],
+      "content_type": ["application/json"]
     },
     "url":{
       "paths":[
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json
index 0a222bd22243d..5691e0d0792ff 100644
--- a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json
@@ -7,7 +7,8 @@
     "stability":"stable",
     "visibility":"public",
     "headers":{
-      "accept": [ "application/json"]
+      "accept": [ "application/json"],
+      "content_type": ["application/json"]
     },
     "url":{
       "paths":[
@@ -20,7 +21,7 @@
       ]
     },
     "body":{
-      "description":"The realm for which to create the authentication request, identified by either its name or the ACS url",
+      "description":"The realm for which to create the authentication request, identified by either its name or the ACS URL",
       "required":true
     }
   }
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_sp_metadata.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_service_provider_metadata.json
similarity index 72%
rename from rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_sp_metadata.json
rename to rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_service_provider_metadata.json
index 0deb37ff12cd9..7f7cd557821cc 100644
--- a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_sp_metadata.json
+++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_service_provider_metadata.json
@@ -1,13 +1,14 @@
 {
-  "security.saml_sp_metadata":{
+  "security.saml_service_provider_metadata":{
     "documentation":{
       "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-sp-metadata.html",
-      "description":"Generates SAML metadata for the elastic stack SAML 2.0 Service Provider"
+      "description":"Generates SAML metadata for the Elastic stack SAML 2.0 Service Provider"
     },
     "stability":"stable",
     "visibility":"public",
     "headers":{
-      "accept": [ "application/json"]
+      "accept": [ "application/json"],
+      "content_type": ["application/json"]
     },
     "url":{
       "paths":[
@@ -17,7 +18,7 @@
             "GET"
           ],
           "parts":{
-            "name":{
+            "realm_name":{
               "type":"string",
               "description":"The name of the SAML realm to get the metadata for"
             }