A collection of help pages for using the API.
Företagsplatsen can act as a SAML Service Provider for agencies (agencies only) that have their own identity provider. We support Single Sign-On (SSO) via the SAML 2.0 Web Browser SSO Profile and authentication of API requests (server to server).
To use SAML, you need to register your agency for SAML usage with Företagsplatsen. Please contact us and we will help you with the registration. We will request the following information during the registration process.
You need the following URLs to use our SAML Service Provider.
SSO URL | See the chapter Single-Sign-On (SSO) for addresses to the service |
Assertion consumer service URL | https://web.foretagsplatsen.se/Account/SamlLogin |
The diagram below shows the flow for the Web Browser SSO Profile involving a Service Provider (Företagsplatsen), an Identity Provider (Partner) and a user with a web browser.
No user details are stored in Företagsplatsen's system when an agency authenticates via SAML. Users are created temporarily for each session based on the information in the login request. Hence, the information that is sent must be encrypted and contain claims whose attribute values end with:
Below is an example of a SAML assertion.
<AttributeStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
    <AttributeValue>test</AttributeValue>
  </Attribute>
  <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
    <AttributeValue>test@pwc.se</AttributeValue>
  </Attribute>
  <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/language">
    <AttributeValue>test@pwc.se</AttributeValue>
  </Attribute>
  <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
    <AttributeValue>123456-9876|CompanyLimitedRole</AttributeValue>
    <AttributeValue>666666-6661|CompanyNormalRole</AttributeValue>
  </Attribute>
</AttributeStatement>
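An added example, not part of Företagsplatsen's documentation: a pre-flight check an agency could run on the attribute statement its identity provider emits, before the assertion is encrypted and sent. It assumes that the four claim name endings seen in the sample above are all required and that each role value has the form <identifier>|<role name> as in that sample; the class name and the sample identifiers are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Xml;
using System.Xml.Linq;
public static class AttributeStatementCheck
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Claim name endings seen in the sample assertion; requiring all four is an assumption.
    static readonly string[] Expected = { "name", "emailaddress", "language", "role" };
    // Returns the problems found; an empty list means the statement passed these checks.
    public static List<string> Check(string xml)
    {
        var problems = new List<string>();
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };
        XElement root;
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
            root = XElement.Load(reader);
        // Group attribute values by the last path segment of the claim URI.
        var claims = root.Descendants(Saml + "Attribute")
            .SelectMany(a => a.Elements(Saml + "AttributeValue"),
                (a, v) => new { Key = ((string)a.Attribute("Name") ?? "").Split('/').Last(), v.Value })
            .ToLookup(c => c.Key, c => c.Value);
        foreach (var name in Expected)
            if (!claims[name].Any(v => !string.IsNullOrWhiteSpace(v)))
                problems.Add($"missing or empty claim: {name}");
        foreach (var value in claims["role"])
        {
            var parts = value.Split('|');
            if (parts.Length != 2 || parts.Any(p => p.Length == 0))
                problems.Add($"role value is not '<identifier>|<role>': \"{value}\"");
            else if (parts.Any(p => p != p.Trim()))
                problems.Add($"role value has stray whitespace: \"{value}\"");
        }
        return problems;
    }
    public static void Main()
    {
        // Constructed sample: two claims are absent and one role value has a trailing space.
        const string sample = @"<AttributeStatement xmlns=""urn:oasis:names:tc:SAML:2.0:assertion"">
  <Attribute Name=""http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name""><AttributeValue>test</AttributeValue></Attribute>
  <Attribute Name=""http://schemas.microsoft.com/ws/2008/06/identity/claims/role"">
    <AttributeValue>000000-0000|CompanyNormalRole</AttributeValue>
    <AttributeValue>000000-0001|CompanyLimitedRole </AttributeValue>
  </Attribute>
</AttributeStatement>";
        foreach (var problem in Check(sample)) Console.WriteLine(problem);
    }
}
```

Because users are created per session from these claims alone, a malformed or padded role value is worth catching on the identity provider side rather than after a failed login.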
Below is a list of the different user types and roles.
For an HTTP request to be authenticated with Företagsplatsen's API, it needs a SamlAssertion field in the header. This field shall contain an encrypted SAML assertion that authenticates the user.
using System.IO;
using System.Net;

var request = (HttpWebRequest)WebRequest.Create("https://web.foretagsplatsen.se/Api/v2/Controller/Action");
request.Accept = "application/json";
request.Method = "GET";
// GetEncryptedSamlAssertion() is the caller's own helper that returns the encrypted SAML assertion.
request.Headers.Add("SamlAssertion", GetEncryptedSamlAssertion());

// Dispose the response and the reader once the body has been read.
using (WebResponse response = request.GetResponse())
using (var reader = new StreamReader(response.GetResponseStream()))
{
    string jsonResult = reader.ReadToEnd();
    // …
}