Function

This API is used to obtain an unscoped token in IdP-initiated federated identity authentication mode.

An unscoped token cannot be used for authentication. If a federated user needs to use a token for authentication, obtain the scoped token based on section Obtaining a Scoped Token.

URI

POST /v3.0/OS-FEDERATION/tokens

Request Parameters

Parameters in the request header

Parameter	Mandatory	Type	Description
X-Idp-Id	Yes	String	ID of an identity provider.
Content-Type	Yes	String	The client must transfer the SAMLResponse parameter to the server by using the form data submitted by the browser. Therefore, the value of this parameter must be: application/x-www-form-urlencoded

Parameter

Mandatory

Type

Description

X-Idp-Id

Yes

String

ID of an identity provider.

Content-Type

Yes

String

The client must transfer the SAMLResponse parameter to the server by using the form data submitted by the browser. Therefore, the value of this parameter must be:

application/x-www-form-urlencoded

Parameters in the request body
Parameter

Mandatory

Type

Description

SAMLResponse

Yes

String

Response body returned when IdP authentication is successful.

This API can only be called on the CLI side. The client needs to obtain SAMLResponse in IdP-initiated federated identity authentication mode and obtain an unscoped token by using the form data submitted by the browser.

Parameter	Mandatory	Type	Description
SAMLResponse	Yes	String	Response body returned when IdP authentication is successful.

Example request

curl -i -k -H 'Accept:application/json' -H 'x-Idp-Id:test_local_idp' -H 'Content-Type:application/x-www-form-urlencoded' -X POST -d 'SAMLResponse=PD94bWwgdmVyc2lvbj0iMS4wIiBl4WXZ1OGNmYmRzWk1ZeWlLKy96anpEbm1rT2FrVVBrUmlSWEpLYUt5NzJtUmtoRFBCNjgwVQpzalU3R2hKNHE4ZG48L3hlbmM6Q2lwaGVyVmFsdWU%2BPC94ZW5jOkNpcGhlckRhdGE%2BPC94ZW5jOkVuY3J5cHRlZERhdGE%2BPC9zYW1sMjpFbmNyeXB0ZWRBc3NlcnRpb24%2BPC9zYW1sMnA6UmVzcG9uc2U%2B' https://sample.domain.com/v3.0/OS-FEDERATION/tokens

Response Parameters

Parameters in the response body

Response Item	Parameter	Type	Description
X-Subject-Token	header	String	Signed unscoped token.
token	body	Object	Information of the unscoped token obtained in federated identity authentication mode, including methods and user information.

Example response

{
    "token": {
        "expires_at": "2018-03-13T03:00:01.168000Z",
        "methods": ["mapped"],
        "issued_at": "2018-03-12T03:00:01.168000Z",
        "user": {
            "OS-FEDERATION": {
                "identity_provider": {
                    "id": "test_local_idp"
                },
                "protocol": {
                    "id": "saml"
                },
                "groups": [{
                    "name": "admin",
                    "id": "45a8c8f1894444e9a016af065e152b91"
                }]
            },
            "domain": {
                "name": "hansheng",
                "id": "c0e20cc993a24ad4aa3251661ef37c87"
            },
            "name": "FederationUser",
            "id": "QNSzD0bycqUXE4hiRNfyFcWfoOs8z6gT"
        }
    }
}

Status Code

Status Code	Description
201	The request is successful, and a token is returned.
400	The server failed to process the request.
401	Authentication failed.
403	Access denied.
405	The method specified in the request is not allowed for the requested resource.
413	The request entity is too large.
500	Internal server error.
503	Service unavailable.

Obtaining an Unscoped Token (IdP Initiated)

Function

URI

Request Parameters

Response Parameters

Status Code