KB-1975 Web API calls return unexpected results after enabling SAML authentication

Symptoms

After enabling SAML authentication for Appian, Web API calls return a 200 OK response code with an unexpected HTML response body that fails to parse in the external system calling the Web API. For example, the error observed in the Web API client may indicate that the response was invalid JSON or that a particular attribute could not be found in the response body.

Cause

Because SAML authentication is enabled with the default login page set to the SAML login page, every request that does not contain a session cookie is expected to authenticate through SAML. Requests to the Web API are therefore redirected to the SAML login page rather than being served by Appian, and the response received is the HTML of the SAML provider's login page instead of the data expected from the Web API. The examples below show the correct and erroneous responses:

Without SAML authentication

{
  "output": "No update required",
  "success": "true"
}

With SAML authentication

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" />
  </head>
  <body onload="document.forms[0].submit()">
    <noscript>
      <p>
        <strong>Note:</strong> Since your browser does not support JavaScript,
        you must press the Continue button once to proceed.
      </p>
    </noscript>
    <form action="https&#x3a;&#x2f;&#x2f;idp.example.com&#x3a;443&#x2f;sso&#x2f;SSOPOST&#x2f;metaAlias&#x2f;publicidp" method="post">
      <div>
        <input type="hidden" name="SAMLRequest" value="PD94bWwgdmV..."/>
      </div>
      <noscript>
        <div>
          <input type="submit" value="Continue"/>
        </div>
      </noscript>
    </form>
  </body>
</html>

Action

Append the ?signin=native query parameter to the Web API URL when making the call from the external system, so that the call is authenticated through Basic authentication instead of SAML. For example, if the Web API URL is https://appian.example.com/suite/webapi/get-data, the call should be made to https://appian.example.com/suite/webapi/get-data?signin=native.
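
The following Python sketch is an added example, not part of the original article and not Appian code. It shows how a Web API client can recognize the symptom described above (a SAML login form returned in place of JSON) and build the ?signin=native URL while preserving any existing query parameters. The function names and the abridged sample login page are assumptions constructed for illustration.

```python
import json
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample, abridged from the login page shown in this article.
SAMPLE_LOGIN_PAGE = """<!DOCTYPE html>
<html><body onload="document.forms[0].submit()">
<form action="https&#x3a;&#x2f;&#x2f;idp.example.com&#x3a;443&#x2f;sso" method="post">
<input type="hidden" name="SAMLRequest" value="PLACEHOLDER"/>
</form></body></html>"""


class _SamlFormFinder(HTMLParser):
    """Finds a form that carries a hidden SAMLRequest field."""

    def __init__(self):
        super().__init__()
        self._current_action = None
        self.found = False
        self.idp_url = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser has already decoded &#x..; entities
        if tag == "form":
            self._current_action = attrs.get("action")
        elif tag == "input" and attrs.get("name") == "SAMLRequest":
            self.found = True
            self.idp_url = self._current_action


def classify_body(body):
    """Return ("json", data), ("saml_login", idp_url) or ("unexpected", None)."""
    try:
        return "json", json.loads(body)
    except json.JSONDecodeError:
        pass  # a 200 OK with a non-JSON body: check for the SAML auto-post form
    finder = _SamlFormFinder()
    finder.feed(body)
    if finder.found:
        return "saml_login", finder.idp_url
    return "unexpected", None


def with_native_signin(url):
    """Set signin=native on the URL, keeping other query parameters."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "signin"]
    query.append(("signin", "native"))
    return urlunsplit(parts._replace(query=urlencode(query)))
```

A client that sees "saml_login" can fail with a clear authentication error instead of a JSON parsing error, which points the operator directly at the cause described in this article.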

Affected Versions

This article applies to Appian versions 17.1 through 19.1 using SAML authentication.

Last Reviewed: August 2019
