EJS.33436 (Customer) asked a question.
Hi! I'm trying to use the API to gather SAML metadata urls for several Okta apps. In the past, I've had urls that take the form:
https://{oktaDomain}/app/{id}/sso/saml/metadata
But it seems the API returns the metadata urls in this form:
https://{oktaDomain}/api/v1/apps/{id}/sso/saml/metadata
The issue is that the second URL requires that you have a session in place to view the metadata. I have services that are getting 403's when trying to gather the metadata because they don't have a session. I can also verify this by trying to access the second url in an incognito browser, and I receive
"errorCode": "E0000005"
"errorSummary": "Invalid session"
I'm trying to use the API to gather metadata urls for several apps without going into the Admin UI. Simply replacing the id from the new URL into the old URL doesn't work and results in a 404 resource not found.
Is there a way I can get the public URL via the API?
Is there a way I can get the ID that I need to construct the public URL? I wasn't able to find it in the API response for the application.
Hi @EJS.33436 (Customer),
Thank you for posting on the Okta community page!
I have done some research and in order to retrieve the metadata from an Okta SAML app you can use the Preview SAML metadata API call as explained in the documentation provided bellow:
Additionally, in order to get the application ID, you can access the app profile in Okta and retrieve it from the URL.
Also, I have tried as well to access the second link and I receive the same error message, therefore I assume that this would be expected behaviour due to security reasons.
I hope the above information is useful!