Rest spec and documentation

x-pack/plugin/identity-provider/docs/en/rest-api/idp-saml-init.asciidoc

@@ -24,7 +24,7 @@ IDP initiated or SP initiated SAML Single Sign On. This API expects the caller t
 credentials for the user that the SAML Response will be created for as "Secondary Authentication"
 using the `es-secondary-authorization` HTTP Request header.
 
-The SAML response is returned as an XML String and the caller of the API is responsible to instruct
+The SAML response is returned as a String that contains an XML document. The caller of the API is responsible to instruct
 the end user's browser to make an HTTP Post request to the Service Provider with the SAML response
 Base64 encoded.
 
@@ -52,14 +52,15 @@ The following example generates a SAML Response for an IDP initiated SAML Single
 
 [source, sh]
 --------------------------------------------------------------------
-curl -u idp_admin:idp_admin_pwd <1> -H 'Content-Type: application/json' \
+curl -u idp_admin:idp_admin_pwd <1> \
+  -H 'Content-Type: application/json' \
 -H 'es-secondary-authorization: ApiKey dVhmUDBuQUJERWhZWEZaQVg5S0k6WUJubmZwNEtRZ1d4cGRxdXBzZmFDUQ==' <2> \
 localhost:9200/_idp/saml/init -d '{"entity_id":"https://sp1.kibana.org","acs":"https://sp1.kibana.org/saml/acs"}'
 --------------------------------------------------------------------
 // NOTCONSOLE
 <1> The credentials of the user that has the necessary privileges to call this API
 <2> The credentials of the end user for which the SAML Response will be generated. These can be in the form of a Basic authentication
-header, an elasticsearch access token, or an API key.
+header, an {es} access token, or an API key.
 
 
 The following example generates a SAML Response for an SP initiated SAML Single Sign On to the Service Provider with entity Id

x-pack/plugin/identity-provider/docs/en/rest-api/idp-saml-metadata.asciidoc

@@ -29,7 +29,8 @@ to be configured to work with this identity provider
 (string) The SAML entity Id of the service provider that will consume this SAML metadata document.
 
 `acs`::
-(string) The SAML Assertion Consumer Service URL of the service provider that will consume this SAML
+(Optional, string) The SAML Assertion Consumer Service URL of the service provider that will consume this SAML.
+If this is not set, then this API will ignore any wildcard services and will fail if `sp_entity_id` is not a directly registered Service Provider.
 metadata document.
 
 [[idp-saml-metadata-example]]

x-pack/plugin/identity-provider/docs/en/rest-api/idp-saml-register-sp.asciidoc

@@ -9,8 +9,8 @@ Registers a SAML service provider for use with this Identity Provider or updates
 [[idp-saml-register-sp-request]]
 ==== {api-request-title}
 
-`POST /_idp/saml/sp/{sp_entity_id} +
- PUT  /_idp/saml/sp/{sp_entity_id}`
+`POST /_idp/saml/sp/{sp_entity_id}` +
+`PUT  /_idp/saml/sp/{sp_entity_id}`
 
 [[idp-saml-register-sp-prereqs]]
 ==== {api-prereq-title}
@@ -26,7 +26,7 @@ This API registers a Service Provider with the Identity Provider and sets the ne
 [[idp-saml-register-sp-path-params]]
 ==== {api-path-parms-title}
 
-`sp_entity_id::
+`sp_entity_id`::
 (string) The SAML entity Id of the service provider to be registered or updated. In case the entity Id is a URL, it should be urlencoded.
 
 [[idp-saml-register-sp-params]]
@@ -46,7 +46,8 @@ The following parameters can be specified in the body of a POST or PUT request:
 (Required, string) A name to identify this service provider. Used only for informational purposes
 
 `entity_id`::
-(Required, string) The SAML entity Id of the service provider.
+(Optional, string) The SAML entity Id of the service provider. If not set, it will be populated with the value from the URL parameter.
+If set, it musth match the value that is passed in the URL parameter.
 
 `acs`::
 (Required, string) The assertion consumer service URL of the service provider.

x-pack/plugin/identity-provider/src/test/resources/rest-api-spec/api/idp.saml_get_metadata.json

@@ -19,6 +19,9 @@
           }
         }
       ]
+    },
+    "params": {
+      "acs": { ... }
     }
   }
 }