saml2aws icon indicating copy to clipboard operation
saml2aws copied to clipboard
verified publisher icon Versent

OneLogin API /1 is deprecated

Open danopia opened this issue 3 years ago • 0 comments

I see that saml2aws is using the /1 version of OneLogin's API:

https://github.com/Versent/saml2aws/blob/cdd6da80f128dd17d400251b08ea5d226bdfe154/pkg/provider/onelogin/onelogin.go#L116

The API docs indicate that this endpoint shouldn't be used:

Deprecated This version is deprecated and will be removed in February 2021.

I've looked at the /2 api docs and the responses seem to be structured a bit differently.

Also, the returned SAML Assertion XML is structured differently between /1 and /2. I can provide more details if desired, but the key is that /2 provides the same SAML assertion as logging in normally in the OneLogin app/website.

I haven't reached out to OneLogin yet about if/when they plan to actually remove the /1 API.

danopia avatar Feb 24 '22 09:02 danopia