コンテンツにスキップ

Export local SAML signing DR bundle.

POST
/api/admin/saml-settings/local-signing/dr-bundle
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/admin/saml-settings/local-signing/dr-bundle \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "passphrase": "correct horse battery staple" }'

Exports a passphrase-encrypted disaster recovery bundle containing tenant-local SAML signing settings and private signing keys. The response is marked no-store.

Media type application/json
object
passphrase
string
Example
{
"passphrase": "correct horse battery staple"
}

Successful JSON response.

Media type application/json
object
kind
required
string
Allowed values: authrim.saml_local_signing_secret_dr_bundle.encrypted.v1
version
required
integer
Allowed values: 1
tenantId
required
string
generatedAt
required
string format: date-time
encrypted
required
boolean
sensitive
required
boolean
warning
required
string
kdf
required
object
name
required
string
Allowed values: PBKDF2
hash
required
string
Allowed values: SHA-256
iterations
required
integer
salt
required
string
cipher
required
object
name
required
string
Allowed values: AES-GCM
iv
required
string
payload
required
string
payloadEncoding
required
string
Allowed values: base64
Example
{
"kind": "authrim.saml_local_signing_secret_dr_bundle.encrypted.v1",
"version": 1,
"tenantId": "tenant_123",
"generatedAt": "2026-06-19T00:00:00.000Z",
"encrypted": true,
"sensitive": true,
"warning": "This bundle is passphrase-encrypted and contains SAML private signing keys after decryption. Store it offline.",
"kdf": {
"name": "PBKDF2",
"hash": "SHA-256",
"iterations": 100000,
"salt": "base64-salt"
},
"cipher": {
"name": "AES-GCM",
"iv": "base64-iv"
},
"payload": "base64-ciphertext",
"payloadEncoding": "base64"
}