Avnology ID

Certificates

Generate, activate, and revoke SAML signing certificates.

RPCs

| Method | Path |
| --- | --- |
| ListCertificates | GET /v1/saml/certificates |
| GenerateCertificate | POST /v1/saml/certificates:generate |
| ActivateCertificate | POST /v1/saml/certificates/{id}:activate |
| RevokeCertificate | POST /v1/saml/certificates/{id}:revoke |

Base URL: https://<Domain id="api"/>

Authentication: Bearer token with saml_idp:write.

Rotation workflow

  1. Generate a new certificate -- it starts inactive.
  2. Download the public part and share it with your SPs (update their IdP metadata).
  3. Once all SPs have the new cert, Activate it. This switches signing to the new cert atomically.
  4. Keep the old cert alive until you've confirmed every SP has rotated, then Revoke it.
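
The gates in steps 3 and 4 can be enforced in tooling rather than by memory. The following is an added example, not part of the Avnology documentation or API: it takes a certificate object with the fields shown in the Generate response and returns the next safe rotation step. The SP collections (`sps`, `has_new_cert`, `confirmed`) and the SP names are hypothetical operator-maintained records; the API is not assumed to report them.

```python
from datetime import datetime, timezone

def parse_ts(value):
    # Timestamps in the certificate object look like 2026-04-17T12:00:00Z (UTC).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def next_step(new_cert, sps, has_new_cert, confirmed, now):
    """Return (action, reason) for the four-step rotation workflow.

    new_cert     -- dict with the Generate response fields, or None
    sps          -- every SP that consumes this IdP's assertions
    has_new_cert -- SPs whose IdP metadata already contains the new cert
    confirmed    -- SPs confirmed to have rotated after activation
    The three SP collections are hypothetical operator records (assumption).
    """
    if new_cert is None:
        return ("generate", "no replacement certificate exists")
    valid_from = parse_ts(new_cert["not_before"])
    valid_until = parse_ts(new_cert["not_after"])
    if not (valid_from <= now < valid_until):
        return ("hold", "new certificate is outside its validity window")
    if not new_cert["active"]:
        missing = sorted(set(sps) - set(has_new_cert))
        if missing:
            # Activating now would break signature validation at these SPs.
            return ("distribute", "SPs without the new cert: " + ", ".join(missing))
        return ("activate", "every SP already trusts the new cert")
    pending = sorted(set(sps) - set(confirmed))
    if pending:
        # The old cert stays unrevoked until every SP is confirmed.
        return ("keep-old", "rotation not confirmed for: " + ", ".join(pending))
    return ("revoke-old", "every SP is confirmed on the new cert")

# Constructed sample: field values copied from the Generate response on this page.
SAMPLE_CERT = {"id": "smlc_01H7X3K9Q1", "not_before": "2026-04-17T12:00:00Z",
               "not_after": "2028-04-17T12:00:00Z", "active": False}
SPS = ["sp-payroll", "sp-wiki"]  # hypothetical SP names
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)  # constructed "current time"

if __name__ == "__main__":
    print(next_step(SAMPLE_CERT, SPS, ["sp-wiki"], [], NOW))
```
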

Generate a new cert

Response (201 Created)

{
  "id": "smlc_01H7X3K9Q1",
  "x509_pem": "-----BEGIN CERTIFICATE-----\nMIIDXT...\n-----END CERTIFICATE-----\n",
  "algorithm": "RSA",
  "key_size": 3072,
  "not_before": "2026-04-17T12:00:00Z",
  "not_after":  "2028-04-17T12:00:00Z",
  "active": false
}
