From 59030549be90e1f6cb336ea8ab14d15756a1e2af Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Thu, 24 Jun 2021 09:29:43 +0300 Subject: [PATCH] Add REST API specification for SAML APIs (#72839) These API specifications were originally not added as we considered them internal. --- .../api/security.saml_authenticate.json | 28 +++++++++++++++++ .../api/security.saml_invalidate.json | 28 +++++++++++++++++ .../api/security.saml_logout.json | 28 +++++++++++++++++ .../security.saml_prepare_authentication.json | 28 +++++++++++++++++ ...curity.saml_service_provider_metadata.json | 30 +++++++++++++++++++ 5 files changed, 142 insertions(+) create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json create mode 100644 rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_service_provider_metadata.json diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json new file mode 100644 index 0000000000000..e1247d87319ea --- /dev/null +++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_authenticate.json @@ -0,0 +1,28 @@ +{ + "security.saml_authenticate":{ + "documentation":{ + "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-authenticate.html", + "description":"Exchanges a SAML Response message for an Elasticsearch access token and refresh token pair" + }, + "stability":"stable", + "visibility":"public", + "headers":{ + "accept": [ "application/json"], + "content_type": ["application/json"] + }, + "url":{ + "paths":[ + { + "path":"/_security/saml/authenticate", + "methods":[ + "POST" + ] + } + ] + }, + "body":{ + "description":"The SAML response to authenticate", + "required":true + } + } +} diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json new file mode 100644 index 0000000000000..c18c338817901 --- /dev/null +++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_invalidate.json @@ -0,0 +1,28 @@ +{ + "security.saml_invalidate":{ + "documentation":{ + "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-invalidate.html", + "description":"Consumes a SAML LogoutRequest" + }, + "stability":"stable", + "visibility":"public", + "headers":{ + "accept": [ "application/json"], + "content_type": ["application/json"] + }, + "url":{ + "paths":[ + { + "path":"/_security/saml/invalidate", + "methods":[ + "POST" + ] + } + ] + }, + "body":{ + "description":"The LogoutRequest message", + "required":true + } + } +} diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json new file mode 100644 index 0000000000000..148805b16a853 --- /dev/null +++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_logout.json @@ -0,0 +1,28 @@ +{ + "security.saml_logout":{ + "documentation":{ + "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-logout.html", + "description":"Invalidates an access token and a refresh token that were generated via the SAML Authenticate API" + }, + "stability":"stable", + "visibility":"public", + "headers":{ + "accept": [ "application/json"], + "content_type": ["application/json"] + }, + "url":{ + "paths":[ + { + "path":"/_security/saml/logout", + "methods":[ + "POST" + ] + } + ] + }, + "body":{ + "description":"The tokens to invalidate", + "required":true + } + } +} diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json new file mode 100644 index 0000000000000..5691e0d0792ff --- /dev/null +++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_prepare_authentication.json @@ -0,0 +1,28 @@ +{ + "security.saml_prepare_authentication":{ + "documentation":{ + "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-prepare-authentication.html", + "description":"Creates a SAML authentication request" + }, + "stability":"stable", + "visibility":"public", + "headers":{ + "accept": [ "application/json"], + "content_type": ["application/json"] + }, + "url":{ + "paths":[ + { + "path":"/_security/saml/prepare", + "methods":[ + "POST" + ] + } + ] + }, + "body":{ + "description":"The realm for which to create the authentication request, identified by either its name or the ACS URL", + "required":true + } + } +} diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_service_provider_metadata.json b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_service_provider_metadata.json new file mode 100644 index 0000000000000..7f7cd557821cc --- /dev/null +++ b/rest-api-spec/src/main/resources/rest-api-spec/api/security.saml_service_provider_metadata.json @@ -0,0 +1,30 @@ +{ + "security.saml_service_provider_metadata":{ + "documentation":{ + "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-sp-metadata.html", + "description":"Generates SAML metadata for the Elastic stack SAML 2.0 Service Provider" + }, + "stability":"stable", + "visibility":"public", + "headers":{ + "accept": [ "application/json"], + "content_type": ["application/json"] + }, + "url":{ + "paths":[ + { + "path":"/_security/saml/metadata/{realm_name}", + "methods":[ + "GET" + ], + "parts":{ + "realm_name":{ + "type":"string", + "description":"The name of the SAML realm to get the metadata for" + } + } + } + ] + } + } +}