This documentation is for WSO2 Identity Server 5.6.0. View documentation for the latest release.
Page Comparison - Using the Service Provider API (v.4 vs v.5) - WSO2 Identity Server 5.6.0 - WSO2 Documentation

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Create a service provider for the given application name and the description using the createApplication operation. It returns a 200 OK response. 

    Info

    Note: The service provider's application ID is required to use the updateApplication operation. You can include an application ID for the new service provider within the same SOAP request when calling the createApplication operation. If you do not include an application ID in the request, you can retrieve the auto-generated application ID value by calling the getApplication service method with the application name.

  2. Update the service provider with other configurations using the updateApplication operation. The service provider's application ID is required for this request. 

Input parameters

ParameterTypeDescription
applicationIDIntegerUnique application ID for the service provider. This is an optional parameter, if you have not included this value in the SOAP request, WSO2 IS assigns a unique application ID.
applicationNameString

The desired service provider name.

Warning

The applicationName should not contain any special characters except for fullstops (.), hyphens (-), underscores (_) and spaces.

Note

Note: Adding a service provider creates an internal application role for the given application name in the following format: Internal/<applicationName>.
Therefore, creating another service provider for the same application name is not possible and will throw an IdentityApplicationManagementException.

descriptionStringA brief text description of the service provider.


Request:

Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:createApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationName>?</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:description>?</xsd1:description>
         </xsd:serviceProvider>
      </xsd:createApplication>
   </soapenv:Body>
</soapenv:Envelope>
Expand
titleSample Request...
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:createApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
         </xsd:serviceProvider>
      </xsd:createApplication>
   </soapenv:Body>
</soapenv:Envelope>

Request with application ID:

Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:createApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>?</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>?</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:description>?</xsd1:description>
         </xsd:serviceProvider>
      </xsd:createApplication>
   </soapenv:Body>
</soapenv:Envelope>
Expand
titleSample Request...
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:createApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>2</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
         </xsd:serviceProvider>
      </xsd:createApplication>
   </soapenv:Body>
</soapenv:Envelope>

Response:

Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:createApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:createApplicationResponse>
   </soapenv:Body>
</soapenv:Envelope>

updateApplication

Permission Level: /permission/admin/manage

After creating the service provider, it can be configured and updated with the following configurations:

  • Claim configuration
  • Role/Permission configuration
  • Inbound and Outbound authentication configuration
  • Inbound and Outbound provisioning configuration  
Info
  • Get application ID - The service provider is updated based on its application ID. If you have not provided an application ID when creating the service provider, you You can use the getApplication operation to retrieve the application ID value from WSO2 IS. 


  • Get certificate reference ID - The certificate of the service provider is updated based on its certificate reference ID. Use the getApplication operation to retrieve the certificate reference ID value from WSO2 IS and include it in the updateApplication SOAP request to update the same certificate. The code block below shows the certificate reference ID value included in the getApplication response.

    Code Block
    <ax2140:spProperties xsi:type="ax2140:ServiceProviderProperty">
        <ax2140:displayName>CERTIFICATE</ax2140:displayName>
        <ax2140:name>CERTIFICATE</ax2140:name>
        <ax2140:value>2</ax2140:value>
    </ax2140:spProperties>

    To update the same certificate, include the certificate reference ID you retrieved in the updateApplication SOAP request as follows.

    Code Block
    <xsd1:spProperties>
        <!--Optional:-->
        <xsd1:displayName>CERTIFICATE</xsd1:displayName>
        <!--Optional:-->
        <xsd1:name>CERTIFICATE</xsd1:name>
        <!--Optional:-->
        <xsd1:value>2</xsd1:value>
    </xsd1:spProperties>

The format of the update request should be as follows. 

Request:

Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>?</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>?</xsd1:applicationName>
            <!--Optional:-->
			<xsd1:certificateContent>?</xsd1:certificateContent>
			<!--Optional:-->
            <xsd1:claimConfig>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>?</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig>...</xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>...</xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>...</xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>...</xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:owner>...</xsd1:owner>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig>...</xsd1:permissionAndRoleConfig>
            <!--Zero or more repetitions:-->
            <xsd1:requestPathAuthenticatorConfigs>...</xsd1:requestPathAuthenticatorConfigs>
            <!--Optional:-->
            <xsd1:saasApp>?</xsd1:saasApp>
			<xsd1:spProperties>
    		<!--Optional:-->
    		<xsd1:displayName>CERTIFICATE</xsd1:displayName>
    		<!--Optional:-->
    		<xsd1:name>CERTIFICATE</xsd1:name>
    		<!--Optional:-->
    		<xsd1:value>2</xsd1:value>
			</xsd1:spProperties>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>
Expand
titleSample Request...

For SAML

Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>2</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:claimConfig>
               <!--Optional:-->
               <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
               <!--Optional:-->
               <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>
               <!--Optional:-->
               <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
               <!--Optional:-->
               <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
            </xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>
               <!--Optional:-->
               <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
               <!--Optional:-->
               <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
               <!--Optional:-->
               <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
               <xsd1:authenticationType>default</xsd1:authenticationType>
               <!--Optional:-->
               <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
            </xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>
               <!--Zero or more repetitions:-->
               <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
            </xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd1:saasApp>false</xsd1:saasApp>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>

For OAuth

Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>5</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>SampleApplication</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:claimConfig>
               <!--Optional:-->
               <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
               <!--Optional:-->
               <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>oauth application</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig>
               <!--Zero or more repetitions:-->
               <xsd1:inboundAuthenticationRequestConfigs>
                  <!--Optional:-->
                  <xsd1:inboundAuthKey>CLIENT_ID</xsd1:inboundAuthKey>
                  <!--Optional:-->
                  <xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>
                  <!--Zero or more repetitions:-->
                  <xsd1:properties>
                     <!--Optional:-->
                     <xsd1:advanced>false</xsd1:advanced>
                     <!--Optional:-->
                     <xsd1:confidential>false</xsd1:confidential>
                     <!--Optional:-->
                     <xsd1:defaultValue></xsd1:defaultValue>
                     <!--Optional:-->
                     <xsd1:description></xsd1:description>
                     <!--Optional:-->
                     <xsd1:displayName></xsd1:displayName>
                     <!--Optional:-->
                     <xsd1:name>oauthConsumerSecret</xsd1:name>
                     <!--Optional:-->
                     <xsd1:required>false</xsd1:required>
                     <!--Optional:-->
                     <xsd1:type></xsd1:type>
                     <!--Optional:-->
                     <xsd1:value>CLIENT_SECRET</xsd1:value>
                  </xsd1:properties>
               </xsd1:inboundAuthenticationRequestConfigs>
            </xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>
               <!--Optional:-->
               <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
               <!--Optional:-->
               <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
            </xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>
               <!--Optional:-->
               <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
               <!--Optional:-->
               <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
               <!--Optional:-->
               <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
               <xsd1:authenticationType>default</xsd1:authenticationType>
               <!--Optional:-->
               <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
            </xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>
               <!--Zero or more repetitions:-->
               <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
            </xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd1:saasApp>false</xsd1:saasApp>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>


Response:

Code Block
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:updateApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:updateApplicationResponse>
   </soapenv:Body>
</soapenv:Envelope>
Input parameters
Service provider level parameters


Parameter

Type

Description

applicationID

Integer

Application ID of the service provider. This is mandatory when updating the SP.

applicationName

String

Service provider name

claimConfig

ClaimConfig

Claims related configurations

description

String

Description of the SP

inboundAuthenticationConfig

InboundAuthenticationConfig

Inbound authentication related configurations

inboundProvisioningConfig

InboundProvisioningConfig

Inbound provisioning related configurations

localAndOutBoundAuthenticationConfig

LocalAndOutboundAuthenticationConfig

Local and outbound authentication

outboundProvisioningConfig

OutboundProvisioningConfig

Outbound provisioning related configurations

owner

User

Applicationn owner

permissionAndRoleConfig

PermissionsAndRoleConfig

Permission and role related configurations 

requestPathAuthenticatorConfigs

RequestPathAuthenticatorConfig

Request patch authenticator related configurations
saasAppOptional

This parameter allows you to determine whether the service provider is a SaaS application.

true - enable SaaS application

false - disable SaaS application


If no value is passed for this parameter, the service provider is marked as SaaS disabled by default. Thus, the web application is not shared among tenants so only users in the current tenant (the one you are logged in when creating the service provider) are allowed to log into the web application. Alternatively, if you enabled SaaS application, that means this web application is shared among tenants so users from any tenant are allowed to log into the web application.

Claim configuration level parameters

The <claimConfig> element  defines all claim configuration level inputs. This element can have zero or more <claimMappings> elements that specify claims referred by this service provider. A <claimMappings> element includes two elements; <localClaim> and <remoteClaim> where each is represented by a claimId and a claimURI.  The <localClaim> denotes a standard claim which is local to the WSO2 Identity Server and the <remoteClaim> denotes some remote claim value that maps to the local claim under the same claim mapping. Remote claims are specifically used with identity federation scenarios to map claims received from the federated Identity Provider to local claims.                             


Parameter

Type

Description

alwaysSendMappedLocalSubjectId

Boolean

This configuration specifies whether the subject attribute that returns to the service provider is taken from the locally mapped user or from the federated user.

localClaimDialect

Boolean

This is a boolean that specifies whether this service provider is using the local claim dialect or a custom claim dialect.

true - using the local claim dialect

false - using the custom claim dialect


If it is using the custom claim dialect, the local claim should map with a remote claim in each claim mapping otherwise, both the local claim URI and the remote claim URI should be the same (i.e. a URI defined under a dialect local to the WSO2 Identity Server).

claimMappings.localClaim.claimId

claimMappings.remoteClaim.claimId

Integer

Integer value that identifies the claim. Applies to both localClaim and remoteClaim elements.

claimMappings.localClaim.claimUri

claimMappings.remoteClaim.claimUri

String

URI specific to the claim. It applies to both localClaim and remoteClaim elements. When defined under localClaim, this is a URI defined under the dialect specific to the claim. If defined under the remoteClaim, this is a remote claim URI which maps with the local claim defined under the same parent claimMappings element. If only the local claim dialect is used, the same claimURI in localClaim should be used with claimURI in remoteClaim, since there are no explicit local to remote claim mappings.

claimMappings.requested

Boolean

This is a boolean that marks a mapped claim as a requested claim which ensures that the service provider definitely sends this claim to the Identity Server.

true - mark as requested

false - mark as not requested

roleClaimURI

String

Role claim URI is used to identify the claim that equates to the role of the user. This is linked to the permissions that you can apply for specific user roles. This is a remote claim URI mapped via claim mappings.

userClaimURI

String

User claim URI is also referred to as Subject claim URI in the management console. It is the claim that is used to uniquely identiy a user. For example, mapping the claims to the users email or ID attribute.

claimConfig Request Element:

Code Block
languagexml
<xsd1:claimConfig>
    <!--Optional:-->
    <xsd1:alwaysSendMappedLocalSubjectId>?</xsd1:alwaysSendMappedLocalSubjectId>
    <!--Zero or more repetitions:-->
    <xsd1:claimMappings>
        <!--Optional:-->
        <xsd1:defaultValue>?</xsd1:defaultValue>
        <!--Optional:-->
        <xsd1:localClaim>
            <!--Optional:-->
            <xsd1:claimId>?</xsd1:claimId>
            <!--Optional:-->
            <xsd1:claimUri>?</xsd1:claimUri>
        </xsd1:localClaim>
        <!--Optional:-->
        <xsd1:mandatory>?</xsd1:mandatory>
        <!--Optional:-->
        <xsd1:remoteClaim>
            <!--Optional:-->
            <xsd1:claimId>?</xsd1:claimId>
            <!--Optional:-->
            <xsd1:claimUri>?</xsd1:claimUri>
        </xsd1:remoteClaim>
        <!--Optional:-->
        <xsd1:requested>?</xsd1:requested>
    </xsd1:claimMappings>
    <!--Zero or more repetitions:-->
    <xsd1:idpClaims>
        <!--Optional:-->
        <xsd1:claimId>?</xsd1:claimId>
        <!--Optional:-->
        <xsd1:claimUri>?</xsd1:claimUri>
    </xsd1:idpClaims>
    <!--Optional:-->
    <xsd1:localClaimDialect>?</xsd1:localClaimDialect>
    <!--Optional:-->
    <xsd1:roleClaimURI>?</xsd1:roleClaimURI>
    <!--Optional:-->
    <xsd1:userClaimURI>?</xsd1:userClaimURI>
</xsd1:claimConfig>
Expand
titleSample Request...
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>2</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:claimConfig>
               <!--Optional:-->
               <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
               <!--Zero or more repetitions:-->
               <xsd1:claimMappings>
                  <!--Optional:-->
                  <xsd1:localClaim>
                     <!--Optional:-->
                     <xsd1:claimUri>http://wso2.org/claims/givenname</xsd1:claimUri>
                  </xsd1:localClaim>
                  <!--Optional:-->
                  <xsd1:mandatory>true</xsd1:mandatory>
                  <!--Optional:-->
                  <xsd1:remoteClaim>
                     <!--Optional:-->
                     <xsd1:claimUri>name</xsd1:claimUri>
                  </xsd1:remoteClaim>
                  <!--Optional:-->
                  <xsd1:requested>true</xsd1:requested>
               </xsd1:claimMappings>
               <xsd1:claimMappings>
                  <!--Optional:-->
                  <xsd1:localClaim>
                     <!--Optional:-->
                     <xsd1:claimUri>http://wso2.org/claims/role</xsd1:claimUri>
                  </xsd1:localClaim>
                  <!--Optional:-->
                  <xsd1:mandatory>true</xsd1:mandatory>
                  <!--Optional:-->
                  <xsd1:remoteClaim>
                     <!--Optional:-->
                     <xsd1:claimUri>role</xsd1:claimUri>
                  </xsd1:remoteClaim>
                  <!--Optional:-->
                  <xsd1:requested>true</xsd1:requested>
               </xsd1:claimMappings>
               <!--Optional:-->
               <xsd1:localClaimDialect>false</xsd1:localClaimDialect>
               <!--Optional:-->
               <xsd1:roleClaimURI>role</xsd1:roleClaimURI>
               <!--Optional:-->
               <xsd1:userClaimURI>user</xsd1:userClaimURI>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>
               <!--Optional:-->
               <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
               <!--Optional:-->
               <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
            </xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>
               <!--Optional:-->
               <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
               <!--Optional:-->
               <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
               <!--Optional:-->
               <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
               <xsd1:authenticationType>default</xsd1:authenticationType>
               <!--Optional:-->
               <xsd1:subjectClaimUri>name</xsd1:subjectClaimUri>
            </xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>
               <!--Zero or more repetitions:-->
               <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
            </xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd1:saasApp>false</xsd1:saasApp>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>

Permissions and roles configuration parameters

The <permissionAndRoleConfig> element defines all permission and role configuration level inputs. Under this element, specific permissions can be specified via zero or more <permissions> blocks.

...