content/operate/rs/references/rest-api/objects/sso.md
An API object that represents single sign-on (SSO) configuration in the cluster.
| Name | Type/Value | Description |
|---|---|---|
| control_plane | boolean (default: false) | If true, enables single sign-on (SSO) for the control plane. |
| enforce_control_plane | boolean (default: false) | If true, enforce SSO login for the control plane for non-admin users. If false, all users can still login using their local username and password if SSO is down. |
| protocol | "saml2" | SSO protocol to use. |
| issuer | complex object | Issuer related configuration. |
| Contains the following fields: | ||
| id: Unique ID of the issuer side (example: "urn:sso:example:idp") | ||
| login_url: SSO login URL (example: "https://idp.example.com/sso/saml") | ||
| logout_url: SSO logout URL (example: "https://idp.example.com/sso/slo") | ||
| metadata: Base64 encoded IdP metadata (read-only) | ||
| service | complex object | Service related configuration. |
| For SAML2 service configuration: | ||
| {{<code>}}{ | ||
| "address": "string", | ||
| "saml2": { |
"entity_id": "string",
"acs_url": "string",
"slo_url": "string"
} }{{</code>}} address: External service address used for SSO. By default, the cluster name with the Cluster Manager port is used. acs_url: Assertion Consumer Service URL (read-only) slo_url: Single Logout URL (read-only) entity_id: Service entity ID (read-only) |