# Naftiko capability spec for Login.gov SAML 2.0. It consumes three IdP
# endpoints (metadata, SSO, SLO) over HTTP and re-exposes only the metadata
# read, once through a REST adapter and once through an MCP adapter.
# NOTE(review): this listing arrived with its whitespace collapsed; the nesting
# below is reconstructed from key order. Confirm it against the Naftiko schema.
naftiko: 1.0.0-alpha2
info:
  label: Login.gov SAML — Authentication
  description: Login.gov SAML 2.0 capability for relying parties that federate via SAML rather than OIDC. Exposes metadata, SSO, and SLO endpoints.
  tags:
    - LoginGov
    - SAML
    - Authentication
    - Federal
    - SSO
  created: '2026-05-25'
  modified: '2026-05-25'
# Makes LOGIN_GOV_BASE_URL available as {{env.LOGIN_GOV_BASE_URL}} below.
# This value decides which identity provider the relying party talks to and
# trusts. It should come from deployment configuration only, never from request
# input, and should be an https:// origin.
binds:
  - namespace: env
    keys:
      LOGIN_GOV_BASE_URL: LOGIN_GOV_BASE_URL
capability:
  consumes:
    - type: http
      namespace: login-gov-saml
      baseUri: '{{env.LOGIN_GOV_BASE_URL}}'
      # Sandbox and production are separate IdPs. Metadata or certificates
      # obtained from one must not be used to validate assertions from the other.
      description: Login.gov SAML 2.0 endpoints. Sandbox default idp.int.identitysandbox.gov; switch to secure.login.gov in production.
      resources:
        # IdP metadata carries the signing certificate used to verify SAML
        # assertions, so this response is a trust anchor: fetch it over TLS only.
        # NOTE(review): the "2026" suffix presumably tracks Login.gov's yearly
        # signing-certificate rotation. Confirm the current suffix in the
        # Login.gov developer documentation before deploying.
        - name: metadata
          path: /api/saml/metadata2026
          operations:
            - name: getMetadata
              method: GET
              description: Get Login.gov SAML IdP Metadata
              outputRawFormat: xml
              outputParameters:
                - name: result
                  type: string
                  # presumably "$." selects the whole response body; verify
                  value: $.
        # No inputParameters are declared for SSO, so this spec does not describe
        # how SAMLRequest or RelayState are supplied.
        # NOTE(review): confirm where the AuthnRequest is built and signed, and
        # that RelayState is validated before it is used for any redirect.
        - name: sso
          path: /api/saml/auth2026
          operations:
            - name: initiateSso
              method: GET
              description: Initiate SAML SSO Via HTTP-Redirect
              outputRawFormat: html
              outputParameters:
                - name: result
                  type: string
                  value: $.
        - name: slo
          path: /api/saml/logout2026
          operations:
            - name: initiateSlo
              method: POST
              description: Initiate SAML Single Logout
              outputRawFormat: html
              outputParameters:
                - name: result
                  type: string
                  value: $.
              # The body is typed as a generic object; this spec places no
              # constraint on the form fields that make up the LogoutRequest.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Form-encoded SAML LogoutRequest body.
                  required: true
  # Only getMetadata is re-exposed. initiateSso and initiateSlo are consumed
  # above but have no REST route or MCP tool in this file, which keeps the
  # exposed surface to a single read-only call.
  # NOTE(review): no authentication or TLS setting is visible on either adapter
  # in this listing. Metadata is public, but confirm that ports 8080 and 9090
  # are reachable only from the intended network.
  exposes:
    - type: rest
      namespace: login-gov-saml-rest
      port: 8080
      description: REST adapter for Login.gov SAML metadata inspection.
      resources:
        - path: /v1/metadata
          name: metadata
          description: SAML metadata passthrough.
          operations:
            - method: GET
              name: getMetadata
              description: Get Login.gov SAML IdP Metadata
              call: login-gov-saml.getMetadata
              # The XML is passed through as a string. Callers should parse it
              # with DTD and external-entity processing disabled.
              outputParameters:
                - type: string
                  mapping: $.
    - type: mcp
      namespace: login-gov-saml-mcp
      port: 9090
      # presumably the MCP transport kind rather than a statement about TLS;
      # confirm how this listener is protected in transit
      transport: http
      description: MCP adapter exposing SAML metadata for downstream tools.
      tools:
        - name: login-gov-get-saml-metadata
          description: Fetch the Login.gov SAML 2.0 IdP metadata XML.
          # These hints match the GET this tool calls. They describe the tool to
          # MCP clients; presumably they are advisory rather than enforced.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: login-gov-saml.getMetadata
          # The tool output is upstream XML returned as a string. Downstream
          # tools should treat it as untrusted input when parsing.
          outputParameters:
            - type: string
              mapping: $.