All Classes Functions Pages
CustomerSSOLoginExamples Class Reference

Detailed Description

Examples for Login Customer using Single Sign-On(SSO)

Example 1 - Login an existing customer using SSO

This example demonstrates the following:

  • Login a customer using SSO when customer doesn't need to be created or updated.
  • Here customer is identified through the value provided in the subject attribute in SAML assertion.

This example assumes that 5 concurrent sessions for this customer do not exist, hence the API will be successful.

XML

Request

Method URL
POST /ws/v15/context/authentication/user/sso/oauth2/token

Request headers

Name Value
Accept application/xml
Content-Type application/x-www-form-urlencoded
Accept-Language en-US

Request body:
Following form parameters are sent in the request. For easier understanding, the SAML assertion is shown without Base64 encoding below.

Name Value
grant_type urn:ietf:params:oauth:grant-type:saml2-bearer
assertion 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="ECE Application" ID="ab30t4g4k4h6o3l33ossn9mdsr253" IssueInstant="2016-02-18T23:29:12.952Z" Version="2.0">
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:assertion">idp.fmfm</saml2:Issuer>
   <saml2p:Status>
      <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </saml2p:Status>
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="ab1mrec9ffamqhh1bn8op842bj3e7" IssueInstant="2016-02-18T23:29:00.000Z" Version="2.0">
      <saml2:Issuer>idp.fmfm</saml2:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#ab1mrec9ffamqhh1bn8op842bj3e7">
               <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                     <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
                  </ds:Transform>
               </ds:Transforms>
               <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
               <ds:DigestValue>l7SB8XPY4XTH2pHCsna1Hzs5B7M=</ds:DigestValue>
            </ds:Reference>
         </ds:SignedInfo>
         <ds:SignatureValue>RMsYB9iR0Wn9j8R1ZKCReg+NZcCOotFY5gXyCRk1bqqJf6N6oFapDcB7CKjMK506hr0YvJADjm0G
4cVnac5G9VduJShTGTQE2TwPEDSaepMvZv6Wtej29N0P9SHT0L2PD2SI59NQjqlikX4+Iz7X6LiA
ndk88XJGM1Jf3rc5HKodDzn733GRV9kZxXYIsgpqRks4iKltyMCoINqF60vcFoazOKDrDWFYIMPb
ppJL68DU65r8u0zbE8b08NgF3T78pbF5z3nl2r7X9IngFmAj9ViIUTFCkRs+5r5nTim7gi26hTNN
3JZBxClbJ8Td2AqKXaWFsO15wyD8mUveZjZ37A==</ds:SignatureValue>
         <ds:KeyInfo>
            <ds:X509Data>
               <ds:X509Certificate>MIIDUTCCAjmgAwIBAgIJAKwup+gH9s97MA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoTCmVHYWluIENvcnAxEzARBgNVBAsTCmVH
YWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTAeFw0xNjAyMTExOTI2MDRaFw0yNjAyMDgx
OTI2MDRaMGgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoT
CmVHYWluIENvcnAxEzARBgNVBAsTCmVHYWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALI36zAFtgGnPkireim78TZwzj/IgdBuHtOL
SmTcHnqEXEMF+XxVS+V6ZUhwogM7gePZare8k5uKMQ7NDQRvJ4yDnIURaasuFCSUJGHLleAHJWDH
+KenxdZ9iuPfbRNfU/mqQwRiikxr5BqRkIiYGS25TQBiaGhNbzQLuvDg3QjzqR//7SzEemayF4d7
XrXuia+iD/u8zThyoQmoeAhjIj7bxo/vRD/8+5hvzF3qS7P1XOIq3OkdCuI3SBzD4SPfDoJU14Bx
Wzp3vGU+MMC25vUmvbDMEcstqblTv9qrbLIZyTWcHOXBzjPAYpmwxCHFfAFXVpwJ51ccckIuM7cA
klMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAII9CtR6FFbc7zXAPMF3FN2v3ms2hwwjJxUif6b5G
DAvmfcJBUvkTMRwHve43gTaiFmcDHkp1hxQ8PDlLOkujEa5yuGIB9I/Hxqhkiv9Vm6qorZ2pPM9d
2nA8NQ4DKWaXxY/OcGCFr5NNwIhQCp30F3bFAHFoUIdsedyk7VhQjY5bH3+TkT4U+Irjd6TE+xpt
8WNIwWum58QUYdmvoIRus6v5PRPlATBu7w6plkm8S/IoqXm9P0940m5QHcChGEywGGFGFplHomgv
wtM8Apj6QC2Zq1VTw+G1z9fKsgFu/gIAEW8pcW9PFG9qHSZxAKS6F1TGmxYmqcbkdP3LSdwE6Q==</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </ds:Signature>
      <saml2:Subject>
         <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="ECE Corp">111-20-2989</saml2:NameID>
         <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z" Recipient="ECE" />
         </saml2:SubjectConfirmation>
      </saml2:Subject>
      <saml2:Conditions NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AudienceRestriction>
            <saml2:Audience>ECE</saml2:Audience>
         </saml2:AudienceRestriction>
      </saml2:Conditions>
      <saml2:AuthnStatement AuthnInstant="2016-02-18T23:29:00.000Z" SessionIndex="ab1glarme5edcr6edrahcqts9sni5" SessionNotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
         </saml2:AuthnContext>
      </saml2:AuthnStatement>
   </saml2:Assertion>
</saml2p:Response>

Response:
HTTP/1.1 200 OK

Response headers

Name Values
X-egain-session Newly generated session ID
Content-Type application/xml

Response body 

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<oAuthResponse xmlns="http://bindings.egain.com/ws/model/v15/gen/platform">
    <access_token>ffeb110f-87ed-4532-a8d4-37d250144a17</access_token>
    <token_type>Bearer</token_type>
</oAuthResponse>

JSON

Request

Method URL
POST /ws/v15/context/authentication/user/sso/oauth2/token

Request headers :

Name Value
Content-Type application/x-www-form-urlencoded
Accept application/json
Accept-Language en-US

Request body:
Following form parameters are sent in the request. For easier understanding, the SAML assertion is shown without Base64 encoding below.

Name Value
grant_type urn:ietf:params:oauth:grant-type:saml2-bearer
assertion 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="ECE Application" ID="ab30t4g4k4h6o3l33ossn9mdsr253" IssueInstant="2016-02-18T23:29:12.952Z" Version="2.0">
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:assertion">idp.fmfm</saml2:Issuer>
   <saml2p:Status>
      <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </saml2p:Status>
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="ab1mrec9ffamqhh1bn8op842bj3e7" IssueInstant="2016-02-18T23:29:00.000Z" Version="2.0">
      <saml2:Issuer>idp.fmfm</saml2:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#ab1mrec9ffamqhh1bn8op842bj3e7">
               <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                     <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
                  </ds:Transform>
               </ds:Transforms>
               <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
               <ds:DigestValue>l7SB8XPY4XTH2pHCsna1Hzs5B7M=</ds:DigestValue>
            </ds:Reference>
         </ds:SignedInfo>
         <ds:SignatureValue>RMsYB9iR0Wn9j8R1ZKCReg+NZcCOotFY5gXyCRk1bqqJf6N6oFapDcB7CKjMK506hr0YvJADjm0G
4cVnac5G9VduJShTGTQE2TwPEDSaepMvZv6Wtej29N0P9SHT0L2PD2SI59NQjqlikX4+Iz7X6LiA
ndk88XJGM1Jf3rc5HKodDzn733GRV9kZxXYIsgpqRks4iKltyMCoINqF60vcFoazOKDrDWFYIMPb
ppJL68DU65r8u0zbE8b08NgF3T78pbF5z3nl2r7X9IngFmAj9ViIUTFCkRs+5r5nTim7gi26hTNN
3JZBxClbJ8Td2AqKXaWFsO15wyD8mUveZjZ37A==</ds:SignatureValue>
         <ds:KeyInfo>
            <ds:X509Data>
               <ds:X509Certificate>MIIDUTCCAjmgAwIBAgIJAKwup+gH9s97MA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoTCmVHYWluIENvcnAxEzARBgNVBAsTCmVH
YWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTAeFw0xNjAyMTExOTI2MDRaFw0yNjAyMDgx
OTI2MDRaMGgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoT
CmVHYWluIENvcnAxEzARBgNVBAsTCmVHYWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALI36zAFtgGnPkireim78TZwzj/IgdBuHtOL
SmTcHnqEXEMF+XxVS+V6ZUhwogM7gePZare8k5uKMQ7NDQRvJ4yDnIURaasuFCSUJGHLleAHJWDH
+KenxdZ9iuPfbRNfU/mqQwRiikxr5BqRkIiYGS25TQBiaGhNbzQLuvDg3QjzqR//7SzEemayF4d7
XrXuia+iD/u8zThyoQmoeAhjIj7bxo/vRD/8+5hvzF3qS7P1XOIq3OkdCuI3SBzD4SPfDoJU14Bx
Wzp3vGU+MMC25vUmvbDMEcstqblTv9qrbLIZyTWcHOXBzjPAYpmwxCHFfAFXVpwJ51ccckIuM7cA
klMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAII9CtR6FFbc7zXAPMF3FN2v3ms2hwwjJxUif6b5G
DAvmfcJBUvkTMRwHve43gTaiFmcDHkp1hxQ8PDlLOkujEa5yuGIB9I/Hxqhkiv9Vm6qorZ2pPM9d
2nA8NQ4DKWaXxY/OcGCFr5NNwIhQCp30F3bFAHFoUIdsedyk7VhQjY5bH3+TkT4U+Irjd6TE+xpt
8WNIwWum58QUYdmvoIRus6v5PRPlATBu7w6plkm8S/IoqXm9P0940m5QHcChGEywGGFGFplHomgv
wtM8Apj6QC2Zq1VTw+G1z9fKsgFu/gIAEW8pcW9PFG9qHSZxAKS6F1TGmxYmqcbkdP3LSdwE6Q==</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </ds:Signature>
      <saml2:Subject>
         <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="ECE Corp">111-20-2989</saml2:NameID>
         <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z" Recipient="ECE" />
         </saml2:SubjectConfirmation>
      </saml2:Subject>
      <saml2:Conditions NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AudienceRestriction>
            <saml2:Audience>ECE</saml2:Audience>
         </saml2:AudienceRestriction>
      </saml2:Conditions>
      <saml2:AuthnStatement AuthnInstant="2016-02-18T23:29:00.000Z" SessionIndex="ab1glarme5edcr6edrahcqts9sni5" SessionNotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
         </saml2:AuthnContext>
      </saml2:AuthnStatement>
   </saml2:Assertion>
</saml2p:Response>

Response:
HTTP/1.1 200 OK

Response headers

Name Values
X-egain-session Newly generated session ID
Content-Type application/json

Response body 

{
    "access_token": "ffeb110f-87ed-4532-a8d4-37d250144a17",
    "token_type": "Bearer"
}



Example 2 - Login a new customer with supported query parameters

This example demonstrates the following:

  • Login a customer using SSO, when customer doesn't exist and will be created as part of the completing the request.
  • Sending customer identifier in the subject of SAML assertion.
  • Using the forceLogin query parameter in the request.
  • Using the providerId query parameter in the request.

This example assumes that subject sent in the SAML assertion is not associated to any customer in the application, hence a new customer will be created with the provided SAML attributes.

XML

Request

Method URL
POST /ws/v15/context/authentication/user/sso/oauth2/token?forceLogin=yes&providerId=186A1

Request headers

Name Value
Accept application/xml
Content-Type application/x-www-form-urlencoded
Accept-Language en-US

Request body:
Following form parameters are sent in the request. For easier understanding, the SAML assertion is shown without Base64 encoding below.

Name Value
grant_type urn:ietf:params:oauth:grant-type:saml2-bearer
assertion 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="ECE Application" ID="ab30t4g4k4h6o3l33ossn9mdsr253" IssueInstant="2016-02-18T23:29:12.952Z" Version="2.0">
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:assertion">idp.fmfm</saml2:Issuer>
   <saml2p:Status>
      <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </saml2p:Status>
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="ab1mrec9ffamqhh1bn8op842bj3e7" IssueInstant="2016-02-18T23:29:00.000Z" Version="2.0">
      <saml2:Issuer>idp.fmfm</saml2:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#ab1mrec9ffamqhh1bn8op842bj3e7">
               <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                     <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
                  </ds:Transform>
               </ds:Transforms>
               <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
               <ds:DigestValue>l7SB8XPY4XTH2pHCsna1Hzs5B7M=</ds:DigestValue>
            </ds:Reference>
         </ds:SignedInfo>
         <ds:SignatureValue>RMsYB9iR0Wn9j8R1ZKCReg+NZcCOotFY5gXyCRk1bqqJf6N6oFapDcB7CKjMK506hr0YvJADjm0G
4cVnac5G9VduJShTGTQE2TwPEDSaepMvZv6Wtej29N0P9SHT0L2PD2SI59NQjqlikX4+Iz7X6LiA
ndk88XJGM1Jf3rc5HKodDzn733GRV9kZxXYIsgpqRks4iKltyMCoINqF60vcFoazOKDrDWFYIMPb
ppJL68DU65r8u0zbE8b08NgF3T78pbF5z3nl2r7X9IngFmAj9ViIUTFCkRs+5r5nTim7gi26hTNN
3JZBxClbJ8Td2AqKXaWFsO15wyD8mUveZjZ37A==</ds:SignatureValue>
         <ds:KeyInfo>
            <ds:X509Data>
               <ds:X509Certificate>MIIDUTCCAjmgAwIBAgIJAKwup+gH9s97MA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoTCmVHYWluIENvcnAxEzARBgNVBAsTCmVH
YWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTAeFw0xNjAyMTExOTI2MDRaFw0yNjAyMDgx
OTI2MDRaMGgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoT
CmVHYWluIENvcnAxEzARBgNVBAsTCmVHYWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALI36zAFtgGnPkireim78TZwzj/IgdBuHtOL
SmTcHnqEXEMF+XxVS+V6ZUhwogM7gePZare8k5uKMQ7NDQRvJ4yDnIURaasuFCSUJGHLleAHJWDH
+KenxdZ9iuPfbRNfU/mqQwRiikxr5BqRkIiYGS25TQBiaGhNbzQLuvDg3QjzqR//7SzEemayF4d7
XrXuia+iD/u8zThyoQmoeAhjIj7bxo/vRD/8+5hvzF3qS7P1XOIq3OkdCuI3SBzD4SPfDoJU14Bx
Wzp3vGU+MMC25vUmvbDMEcstqblTv9qrbLIZyTWcHOXBzjPAYpmwxCHFfAFXVpwJ51ccckIuM7cA
klMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAII9CtR6FFbc7zXAPMF3FN2v3ms2hwwjJxUif6b5G
DAvmfcJBUvkTMRwHve43gTaiFmcDHkp1hxQ8PDlLOkujEa5yuGIB9I/Hxqhkiv9Vm6qorZ2pPM9d
2nA8NQ4DKWaXxY/OcGCFr5NNwIhQCp30F3bFAHFoUIdsedyk7VhQjY5bH3+TkT4U+Irjd6TE+xpt
8WNIwWum58QUYdmvoIRus6v5PRPlATBu7w6plkm8S/IoqXm9P0940m5QHcChGEywGGFGFplHomgv
wtM8Apj6QC2Zq1VTw+G1z9fKsgFu/gIAEW8pcW9PFG9qHSZxAKS6F1TGmxYmqcbkdP3LSdwE6Q==</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </ds:Signature>
      <saml2:Subject>
         <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="ECE Corp">111-20-2989</saml2:NameID>
         <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z" Recipient="ECE" />
         </saml2:SubjectConfirmation>
      </saml2:Subject>
      <saml2:Conditions NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AudienceRestriction>
            <saml2:Audience>ECE</saml2:Audience>
         </saml2:AudienceRestriction>
      </saml2:Conditions>
      <saml2:AttributeStatement>
         <saml2:Attribute Name="department">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Service</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="firstName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Dave</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="middleName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Osbon</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="lastName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Stewart</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="custom.external_id">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-20-2989</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="email.address">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">dave@example.com</saml2:AttributeValue>
         </saml2:Attribute>

         <saml2:Attribute Name="home.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="home.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-123-1234</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mobile.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mobile.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-111-1111</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="office.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="office.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">222-222-2222</saml2:AttributeValue>
         </saml2:Attribute>
      </saml2:AttributeStatement>
      <saml2:AuthnStatement AuthnInstant="2016-02-18T23:29:00.000Z" SessionIndex="ab1glarme5edcr6edrahcqts9sni5" SessionNotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
         </saml2:AuthnContext>
      </saml2:AuthnStatement>
   </saml2:Assertion>
</saml2p:Response>

Response:
HTTP/1.1 200 OK

Response headers

Name Values
X-egain-session Newly generated session ID
Content-Type application/xml

Response body 

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<oAuthResponse xmlns="http://bindings.egain.com/ws/model/v15/gen/platform">
    <access_token>ffeb110f-87ed-4532-a8d4-37d250144a17</access_token>
    <token_type>Bearer</token_type>
</oAuthResponse>

JSON

Request

Method URL
POST /ws/v15/context/authentication/user/sso/oauth2/token?forceLogin=yes&providerId=186A1

Request headers :

Name Value
Content-Type application/x-www-form-urlencoded
Accept application/json
Accept-Language en-US

Request body:
Following form parameters are sent in the request. For easier understanding, the SAML assertion is shown without Base64 encoding below.

Name Value
grant_type urn:ietf:params:oauth:grant-type:saml2-bearer
assertion 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="ECE Application" ID="ab30t4g4k4h6o3l33ossn9mdsr253" IssueInstant="2016-02-18T23:29:12.952Z" Version="2.0">
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:assertion">idp.fmfm</saml2:Issuer>
   <saml2p:Status>
      <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </saml2p:Status>
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="ab1mrec9ffamqhh1bn8op842bj3e7" IssueInstant="2016-02-18T23:29:00.000Z" Version="2.0">
      <saml2:Issuer>idp.fmfm</saml2:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#ab1mrec9ffamqhh1bn8op842bj3e7">
               <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                     <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
                  </ds:Transform>
               </ds:Transforms>
               <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
               <ds:DigestValue>l7SB8XPY4XTH2pHCsna1Hzs5B7M=</ds:DigestValue>
            </ds:Reference>
         </ds:SignedInfo>
         <ds:SignatureValue>RMsYB9iR0Wn9j8R1ZKCReg+NZcCOotFY5gXyCRk1bqqJf6N6oFapDcB7CKjMK506hr0YvJADjm0G
4cVnac5G9VduJShTGTQE2TwPEDSaepMvZv6Wtej29N0P9SHT0L2PD2SI59NQjqlikX4+Iz7X6LiA
ndk88XJGM1Jf3rc5HKodDzn733GRV9kZxXYIsgpqRks4iKltyMCoINqF60vcFoazOKDrDWFYIMPb
ppJL68DU65r8u0zbE8b08NgF3T78pbF5z3nl2r7X9IngFmAj9ViIUTFCkRs+5r5nTim7gi26hTNN
3JZBxClbJ8Td2AqKXaWFsO15wyD8mUveZjZ37A==</ds:SignatureValue>
         <ds:KeyInfo>
            <ds:X509Data>
               <ds:X509Certificate>MIIDUTCCAjmgAwIBAgIJAKwup+gH9s97MA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoTCmVHYWluIENvcnAxEzARBgNVBAsTCmVH
YWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTAeFw0xNjAyMTExOTI2MDRaFw0yNjAyMDgx
OTI2MDRaMGgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoT
CmVHYWluIENvcnAxEzARBgNVBAsTCmVHYWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALI36zAFtgGnPkireim78TZwzj/IgdBuHtOL
SmTcHnqEXEMF+XxVS+V6ZUhwogM7gePZare8k5uKMQ7NDQRvJ4yDnIURaasuFCSUJGHLleAHJWDH
+KenxdZ9iuPfbRNfU/mqQwRiikxr5BqRkIiYGS25TQBiaGhNbzQLuvDg3QjzqR//7SzEemayF4d7
XrXuia+iD/u8zThyoQmoeAhjIj7bxo/vRD/8+5hvzF3qS7P1XOIq3OkdCuI3SBzD4SPfDoJU14Bx
Wzp3vGU+MMC25vUmvbDMEcstqblTv9qrbLIZyTWcHOXBzjPAYpmwxCHFfAFXVpwJ51ccckIuM7cA
klMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAII9CtR6FFbc7zXAPMF3FN2v3ms2hwwjJxUif6b5G
DAvmfcJBUvkTMRwHve43gTaiFmcDHkp1hxQ8PDlLOkujEa5yuGIB9I/Hxqhkiv9Vm6qorZ2pPM9d
2nA8NQ4DKWaXxY/OcGCFr5NNwIhQCp30F3bFAHFoUIdsedyk7VhQjY5bH3+TkT4U+Irjd6TE+xpt
8WNIwWum58QUYdmvoIRus6v5PRPlATBu7w6plkm8S/IoqXm9P0940m5QHcChGEywGGFGFplHomgv
wtM8Apj6QC2Zq1VTw+G1z9fKsgFu/gIAEW8pcW9PFG9qHSZxAKS6F1TGmxYmqcbkdP3LSdwE6Q==</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </ds:Signature>
      <saml2:Subject>
         <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="ECE Corp">111-20-2989</saml2:NameID>
         <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z" Recipient="ECE" />
         </saml2:SubjectConfirmation>
      </saml2:Subject>
      <saml2:Conditions NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AudienceRestriction>
            <saml2:Audience>ECE</saml2:Audience>
         </saml2:AudienceRestriction>
      </saml2:Conditions>
      <saml2:AttributeStatement>
         <saml2:Attribute Name="department">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Service</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="firstName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Dave</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="middleName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Osbon</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="lastName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Stewart</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="custom.external_id">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-20-2989</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="email.address">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">dave@example.com</saml2:AttributeValue>
         </saml2:Attribute>

         <saml2:Attribute Name="home.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="home.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-123-1234</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mobile.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mobile.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-111-1111</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="office.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="office.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">222-222-2222</saml2:AttributeValue>
         </saml2:Attribute>
      </saml2:AttributeStatement>
      <saml2:AuthnStatement AuthnInstant="2016-02-18T23:29:00.000Z" SessionIndex="ab1glarme5edcr6edrahcqts9sni5" SessionNotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
         </saml2:AuthnContext>
      </saml2:AuthnStatement>
   </saml2:Assertion>
</saml2p:Response>

Response:
HTTP/1.1 200 OK

Response headers

Name Values
X-egain-session Newly generated session ID
Content-Type application/json

Response body 

{
    "access_token": "ffeb110f-87ed-4532-a8d4-37d250144a17",
    "token_type": "Bearer"
}



Example 3 - Login an existing customer using SSO with customer updation

This example demonstrates the following:

  • Login a customer using SSO, when customer exists and will be updated as part of completing the request.
  • Sending mergeOnAttribute SAML attribute with value 'email.address'

This example assumes the following:

  • Subject sent in the SAML assertion is not found and customer is identified through the value provided in email.address SAML attribute.
  • Less than 5 concurrent sessions exist for this customer.

XML

Request

Method URL
POST /ws/v15/context/authentication/user/sso/oauth2/token

Request headers

Name Value
Accept application/xml
Content-Type application/x-www-form-urlencoded
Accept-Language en-US

Request body:
Following form parameters are sent in the request. For easier understanding, the SAML assertion is shown without Base64 encoding below.

Name Value
grant_type urn:ietf:params:oauth:grant-type:saml2-bearer
assertion 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="ECE Application" ID="ab30t4g4k4h6o3l33ossn9mdsr253" IssueInstant="2016-02-18T23:29:12.952Z" Version="2.0">
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:assertion">idp.fmfm</saml2:Issuer>
   <saml2p:Status>
      <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </saml2p:Status>
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="ab1mrec9ffamqhh1bn8op842bj3e7" IssueInstant="2016-02-18T23:29:00.000Z" Version="2.0">
      <saml2:Issuer>idp.fmfm</saml2:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#ab1mrec9ffamqhh1bn8op842bj3e7">
               <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                     <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
                  </ds:Transform>
               </ds:Transforms>
               <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
               <ds:DigestValue>l7SB8XPY4XTH2pHCsna1Hzs5B7M=</ds:DigestValue>
            </ds:Reference>
         </ds:SignedInfo>
         <ds:SignatureValue>RMsYB9iR0Wn9j8R1ZKCReg+NZcCOotFY5gXyCRk1bqqJf6N6oFapDcB7CKjMK506hr0YvJADjm0G
4cVnac5G9VduJShTGTQE2TwPEDSaepMvZv6Wtej29N0P9SHT0L2PD2SI59NQjqlikX4+Iz7X6LiA
ndk88XJGM1Jf3rc5HKodDzn733GRV9kZxXYIsgpqRks4iKltyMCoINqF60vcFoazOKDrDWFYIMPb
ppJL68DU65r8u0zbE8b08NgF3T78pbF5z3nl2r7X9IngFmAj9ViIUTFCkRs+5r5nTim7gi26hTNN
3JZBxClbJ8Td2AqKXaWFsO15wyD8mUveZjZ37A==</ds:SignatureValue>
         <ds:KeyInfo>
            <ds:X509Data>
               <ds:X509Certificate>MIIDUTCCAjmgAwIBAgIJAKwup+gH9s97MA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoTCmVHYWluIENvcnAxEzARBgNVBAsTCmVH
YWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTAeFw0xNjAyMTExOTI2MDRaFw0yNjAyMDgx
OTI2MDRaMGgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoT
CmVHYWluIENvcnAxEzARBgNVBAsTCmVHYWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALI36zAFtgGnPkireim78TZwzj/IgdBuHtOL
SmTcHnqEXEMF+XxVS+V6ZUhwogM7gePZare8k5uKMQ7NDQRvJ4yDnIURaasuFCSUJGHLleAHJWDH
+KenxdZ9iuPfbRNfU/mqQwRiikxr5BqRkIiYGS25TQBiaGhNbzQLuvDg3QjzqR//7SzEemayF4d7
XrXuia+iD/u8zThyoQmoeAhjIj7bxo/vRD/8+5hvzF3qS7P1XOIq3OkdCuI3SBzD4SPfDoJU14Bx
Wzp3vGU+MMC25vUmvbDMEcstqblTv9qrbLIZyTWcHOXBzjPAYpmwxCHFfAFXVpwJ51ccckIuM7cA
klMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAII9CtR6FFbc7zXAPMF3FN2v3ms2hwwjJxUif6b5G
DAvmfcJBUvkTMRwHve43gTaiFmcDHkp1hxQ8PDlLOkujEa5yuGIB9I/Hxqhkiv9Vm6qorZ2pPM9d
2nA8NQ4DKWaXxY/OcGCFr5NNwIhQCp30F3bFAHFoUIdsedyk7VhQjY5bH3+TkT4U+Irjd6TE+xpt
8WNIwWum58QUYdmvoIRus6v5PRPlATBu7w6plkm8S/IoqXm9P0940m5QHcChGEywGGFGFplHomgv
wtM8Apj6QC2Zq1VTw+G1z9fKsgFu/gIAEW8pcW9PFG9qHSZxAKS6F1TGmxYmqcbkdP3LSdwE6Q==</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </ds:Signature>
      <saml2:Subject>
         <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="ECE Corp">111-20-2989</saml2:NameID>
         <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z" Recipient="ECE" />
         </saml2:SubjectConfirmation>
      </saml2:Subject>
      <saml2:Conditions NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AudienceRestriction>
            <saml2:Audience>ECE</saml2:Audience>
         </saml2:AudienceRestriction>
      </saml2:Conditions>
      <saml2:AttributeStatement>
         <saml2:Attribute Name="department">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Service</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="firstName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Dave</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="middleName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Osbon</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="lastName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Stewart</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="custom.external_id">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-20-2989</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="email.address">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">dave@example.com</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="home.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="home.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-123-1234</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mobile.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mobile.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-111-1111</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="office.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="office.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">222-222-2222</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mergeOnAttribute">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">email.address</saml2:AttributeValue>
         </saml2:Attribute>
      </saml2:AttributeStatement>
      <saml2:AuthnStatement AuthnInstant="2016-02-18T23:29:00.000Z" SessionIndex="ab1glarme5edcr6edrahcqts9sni5" SessionNotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
         </saml2:AuthnContext>
      </saml2:AuthnStatement>
   </saml2:Assertion>
</saml2p:Response>

Response:
HTTP/1.1 200 OK

Response headers

Name Values
X-egain-session Newly generated session ID
Content-Type application/xml

Response body 

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<oAuthResponse xmlns="http://bindings.egain.com/ws/model/v15/gen/platform">
    <access_token>ffeb110f-87ed-4532-a8d4-37d250144a17</access_token>
    <token_type>Bearer</token_type>
</oAuthResponse>

JSON

Request

Method URL
POST /ws/v15/context/authentication/user/sso/oauth2/token

Request headers :

Name Value
Content-Type application/x-www-form-urlencoded
Accept application/json
Accept-Language en-US

Request body:
Following form parameters are sent in the request. For easier understanding, the SAML assertion is shown without Base64 encoding below.

Name Value
grant_type urn:ietf:params:oauth:grant-type:saml2-bearer
assertion 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="ECE Application" ID="ab30t4g4k4h6o3l33ossn9mdsr253" IssueInstant="2016-02-18T23:29:12.952Z" Version="2.0">
   <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:assertion">idp.fmfm</saml2:Issuer>
   <saml2p:Status>
      <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </saml2p:Status>
   <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="ab1mrec9ffamqhh1bn8op842bj3e7" IssueInstant="2016-02-18T23:29:00.000Z" Version="2.0">
      <saml2:Issuer>idp.fmfm</saml2:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#ab1mrec9ffamqhh1bn8op842bj3e7">
               <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                     <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
                  </ds:Transform>
               </ds:Transforms>
               <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
               <ds:DigestValue>l7SB8XPY4XTH2pHCsna1Hzs5B7M=</ds:DigestValue>
            </ds:Reference>
         </ds:SignedInfo>
         <ds:SignatureValue>RMsYB9iR0Wn9j8R1ZKCReg+NZcCOotFY5gXyCRk1bqqJf6N6oFapDcB7CKjMK506hr0YvJADjm0G
4cVnac5G9VduJShTGTQE2TwPEDSaepMvZv6Wtej29N0P9SHT0L2PD2SI59NQjqlikX4+Iz7X6LiA
ndk88XJGM1Jf3rc5HKodDzn733GRV9kZxXYIsgpqRks4iKltyMCoINqF60vcFoazOKDrDWFYIMPb
ppJL68DU65r8u0zbE8b08NgF3T78pbF5z3nl2r7X9IngFmAj9ViIUTFCkRs+5r5nTim7gi26hTNN
3JZBxClbJ8Td2AqKXaWFsO15wyD8mUveZjZ37A==</ds:SignatureValue>
         <ds:KeyInfo>
            <ds:X509Data>
               <ds:X509Certificate>MIIDUTCCAjmgAwIBAgIJAKwup+gH9s97MA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoTCmVHYWluIENvcnAxEzARBgNVBAsTCmVH
YWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTAeFw0xNjAyMTExOTI2MDRaFw0yNjAyMDgx
OTI2MDRaMGgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTELMAkGA1UEBxMCU1YxEzARBgNVBAoT
CmVHYWluIENvcnAxEzARBgNVBAsTCmVHYWluIENvcnAxFTATBgNVBAMTDHVzc3VodnZtMDAzOTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALI36zAFtgGnPkireim78TZwzj/IgdBuHtOL
SmTcHnqEXEMF+XxVS+V6ZUhwogM7gePZare8k5uKMQ7NDQRvJ4yDnIURaasuFCSUJGHLleAHJWDH
+KenxdZ9iuPfbRNfU/mqQwRiikxr5BqRkIiYGS25TQBiaGhNbzQLuvDg3QjzqR//7SzEemayF4d7
XrXuia+iD/u8zThyoQmoeAhjIj7bxo/vRD/8+5hvzF3qS7P1XOIq3OkdCuI3SBzD4SPfDoJU14Bx
Wzp3vGU+MMC25vUmvbDMEcstqblTv9qrbLIZyTWcHOXBzjPAYpmwxCHFfAFXVpwJ51ccckIuM7cA
klMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAII9CtR6FFbc7zXAPMF3FN2v3ms2hwwjJxUif6b5G
DAvmfcJBUvkTMRwHve43gTaiFmcDHkp1hxQ8PDlLOkujEa5yuGIB9I/Hxqhkiv9Vm6qorZ2pPM9d
2nA8NQ4DKWaXxY/OcGCFr5NNwIhQCp30F3bFAHFoUIdsedyk7VhQjY5bH3+TkT4U+Irjd6TE+xpt
8WNIwWum58QUYdmvoIRus6v5PRPlATBu7w6plkm8S/IoqXm9P0940m5QHcChGEywGGFGFplHomgv
wtM8Apj6QC2Zq1VTw+G1z9fKsgFu/gIAEW8pcW9PFG9qHSZxAKS6F1TGmxYmqcbkdP3LSdwE6Q==</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </ds:Signature>
      <saml2:Subject>
         <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="ECE Corp">111-20-2989</saml2:NameID>
         <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z" Recipient="ECE" />
         </saml2:SubjectConfirmation>
      </saml2:Subject>
      <saml2:Conditions NotBefore="2016-02-18T23:29:00.000Z" NotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AudienceRestriction>
            <saml2:Audience>ECE</saml2:Audience>
         </saml2:AudienceRestriction>
      </saml2:Conditions>
      <saml2:AttributeStatement>
         <saml2:Attribute Name="department">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Service</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="firstName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Dave</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="middleName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Osbon</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="lastName">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Stewart</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="custom.external_id">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-20-2989</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="email.address">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">dave@example.com</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="home.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="home.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-123-1234</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mobile.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mobile.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">111-111-1111</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="office.phone.countryCode">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="office.phone.number">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">222-222-2222</saml2:AttributeValue>
         </saml2:Attribute>
         <saml2:Attribute Name="mergeOnAttribute">
            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">email.address</saml2:AttributeValue>
         </saml2:Attribute>
      </saml2:AttributeStatement>
      <saml2:AuthnStatement AuthnInstant="2016-02-18T23:29:00.000Z" SessionIndex="ab1glarme5edcr6edrahcqts9sni5" SessionNotOnOrAfter="2016-02-18T23:39:00.000Z">
         <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
         </saml2:AuthnContext>
      </saml2:AuthnStatement>
   </saml2:Assertion>
</saml2p:Response>

Response:
HTTP/1.1 200 OK

Response headers

Name Values
X-egain-session Newly generated session ID
Content-Type application/json

Response body 

{
    "access_token": "ffeb110f-87ed-4532-a8d4-37d250144a17",
    "token_type": "Bearer"
}