POST /v1/session/login/saml/{provider_id}/{connection_id}/acs
SAML Assertion Consumer Service (ACS)
curl --request POST \
  --url https://{appId}.session.prelude.dev/v1/session/login/saml/{provider_id}/{connection_id}/acs \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'SAMLResponse=<string>' \
  --data 'RelayState=<string>'

Path Parameters

provider_id
string
required

The SAML provider identifier (okta or google).

Examples:

"okta"

"google"

connection_id
string
required

The SAML connection identifier (prefixed with samlc_).

Example:

"samlc_01jqebhswje1ka1z7ahr9rfsgt"

Body

application/x-www-form-urlencoded
SAMLResponse
string
required

Base64-encoded SAML response assertion from the IdP.

RelayState
string

Opaque token echoed back by the IdP. Present for SP-initiated flows; absent for IdP-initiated flows.

Response

Redirect to the connection's redirect URI with one of:

  • challenge_token=<jwt> — login may be finalized via the Finalize login endpoint.
  • error=<code>&error_description=<message> — SAML validation or provisioning failure (e.g. saml_authentication_failed, saml_user_not_provisioned, saml_email_domain_not_allowed, email_already_in_use).
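
One way an application serving the redirect URI could classify the result described above. This is an added example, not part of the Prelude documentation or SDK; the function name, the reason strings and the app.example.test URLs are assumptions.

```javascript
// Added example, not Prelude code. parseAcsRedirect, KNOWN_ERRORS and the
// app.example.test URLs are assumed names and constructed sample values.

// Codes this page lists; it gives them as examples ("e.g."), so other codes
// are reported with known=false instead of being rejected.
const KNOWN_ERRORS = new Set([
  "saml_authentication_failed",
  "saml_user_not_provisioned",
  "saml_email_domain_not_allowed",
  "email_already_in_use",
]);

function parseAcsRedirect(callbackUrl, expectedRedirectUri) {
  const url = new URL(callbackUrl);
  const expected = new URL(expectedRedirectUri);
  // Accept the result only on the connection's own redirect URI.
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    return { kind: "rejected", reason: "unexpected_redirect_uri" };
  }
  const tokens = url.searchParams.getAll("challenge_token");
  const errors = url.searchParams.getAll("error");
  // The page says "one of": both, neither, or duplicates are malformed.
  if (tokens.length + errors.length !== 1) {
    return { kind: "rejected", reason: "ambiguous_or_empty_result" };
  }
  if (errors.length === 1) {
    const description = url.searchParams.get("error_description") || "";
    return {
      kind: "error",
      code: errors[0],
      known: KNOWN_ERRORS.has(errors[0]),
      // Untrusted query text: truncate, log it, never render it as HTML.
      description: description.slice(0, 256),
    };
  }
  // Shape check only (compact JWT: 3 to 5 base64url segments); the token is
  // not verified here, it is handed to the Finalize login call.
  if (!/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]*){2,4}$/.test(tokens[0])) {
    return { kind: "rejected", reason: "malformed_challenge_token" };
  }
  return { kind: "challenge", challengeToken: tokens[0] };
}
```

A "challenge" result carries a token that has only been shape-checked; whether the login succeeds is decided by the Finalize login endpoint.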