Reviewed-by: Kabai, Zoltán Gábor <zoltan-gabor.kabai@t-systems.com> Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com> Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
Updating an OpenID Connect Identity Provider
Function
This API is provided for the administrator to modify an OpenID Connect identity provider.
URI
PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
Parameter | Mandatory | Type | Description |
---|---|---|---|
idp_id | Yes | String | Identity provider ID. Length: 1 to 64 characters |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
Content-Type | Yes | String | Set this field to application/json;charset=utf8. |
X-Auth-Token | Yes | String | Token with Security Administrator permissions. |
Parameter | Mandatory | Type | Description |
---|---|---|---|
openid_connect_config | Yes | object | OpenID Connect configurations. |
Parameter | Mandatory | Type | Description |
---|---|---|---|
access_mode | No | String | Access type. Options: |
idp_url | No | String | URL of the OpenID Connect identity provider. This field corresponds to the iss field in the ID token. Length: 10 to 255 characters |
client_id | No | String | ID of a client registered with the OpenID Connect identity provider. Length: 5 to 255 characters |
authorization_endpoint | No | String | Authorization endpoint of the OpenID Connect identity provider. This field is required only if access_mode is set to program_console. Length: 10 to 255 characters |
scope | No | String | Scope of authorization requests. This field is required only if access_mode is set to program_console. Enumerated values: |
response_type | No | String | Response type. This field is required only if access_mode is set to program_console. Enumerated value: |
response_mode | No | String | Response mode. This field is required only if access_mode is set to program_console. Enumerated values: |
signing_key | No | String | Public key used to sign the ID token of the OpenID Connect identity provider. Length: 10 to 30,000 characters. Format example: { "keys":[ { "kid":"d05ef20c4512645vv1..." , "n":"cws_cnjiwsbvweolwn_-vnl...", "e":"AQAB", "kty":"RSA", "use":"sig", "alg":"RS256" } ] } |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
openid_connect_config | object | OpenID Connect configurations. |
Parameter | Type | Description |
---|---|---|
access_mode | String | Access type. Options: |
idp_url | String | URL of the OpenID Connect identity provider. This field corresponds to the iss field in the ID token. Length: 10 to 255 characters |
client_id | String | ID of a client registered with the OpenID Connect identity provider. Length: 5 to 255 characters |
authorization_endpoint | String | Authorization endpoint of the OpenID Connect identity provider. This field is required only if access_mode is set to program_console. Length: 10 to 255 characters |
scope | String | Scope of authorization requests. This field is required only if access_mode is set to program_console. Enumerated values: |
response_type | String | Response type. This field is required only if access_mode is set to program_console. Enumerated value: |
response_mode | String | Response mode. This field is required only if access_mode is set to program_console. Enumerated values: |
signing_key | String | Public key used to sign the ID token of the OpenID Connect identity provider. Length: 10 to 30,000 characters |
Example Request
- Modifying an identity provider that supports programmatic access
  PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
  {
    "openid_connect_config" : {
      "access_mode" : "program",
      "idp_url" : "https://accounts.example.com",
      "client_id" : "client_id_example",
      "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
    }
  }
- Modifying an identity provider that supports programmatic access and management console access
  PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
  {
    "openid_connect_config" : {
      "access_mode" : "program_console",
      "idp_url" : "https://accounts.example.com",
      "client_id" : "client_id_example",
      "authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth",
      "scope" : "openid",
      "response_type" : "id_token",
      "response_mode" : "form_post",
      "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
    }
  }
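A pre-submission check for the request body described above, as an added example that is not part of the original documentation. It enforces the length limits and the program_console requirements from the parameter table; the https:// check and the rejection of private JWK members in signing_key are local hardening assumptions rather than API rules, and the names check_config and build_body are hypothetical.

```python
import json

# Length limits (min, max) copied from the parameter table on this page.
LIMITS = {
    "idp_url": (10, 255),
    "client_id": (5, 255),
    "authorization_endpoint": (10, 255),
    "signing_key": (10, 30000),
}
# Fields the page marks as required only when access_mode is program_console.
CONSOLE_FIELDS = ("authorization_endpoint", "scope", "response_type", "response_mode")
# RSA private-key members of a JWK (RFC 7518); a public signing_key must not carry them.
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi"}


def check_config(cfg):
    """Return a list of problems found in an openid_connect_config dict."""
    problems = []
    for field, (lo, hi) in LIMITS.items():
        value = cfg.get(field)
        if value is not None and not lo <= len(value) <= hi:
            problems.append(f"{field}: length must be {lo} to {hi} characters")
    if cfg.get("access_mode") == "program_console":
        problems += [f"{f}: required for program_console" for f in CONSOLE_FIELDS if f not in cfg]
    # Local hardening choices (assumptions), not rules stated by the API:
    for field in ("idp_url", "authorization_endpoint"):
        if field in cfg and not cfg[field].startswith("https://"):
            problems.append(f"{field}: expected an https:// URL")
    if "signing_key" in cfg:
        try:
            keys = json.loads(cfg["signing_key"])["keys"]
        except (ValueError, KeyError, TypeError):
            keys = None
        if not isinstance(keys, list) or not all(isinstance(k, dict) for k in keys):
            return problems + ["signing_key: not a JSON string with a 'keys' array"]
        for jwk in keys:
            leaked = PRIVATE_JWK_MEMBERS & set(jwk)
            if leaked:
                problems.append(f"signing_key: private members present: {sorted(leaked)}")
    return problems


def build_body(cfg):
    """Serialize the request body, refusing a config that fails the checks."""
    problems = check_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"openid_connect_config": cfg})
```

Note that signing_key is sent as a JSON document encoded inside a JSON string, so json.dumps on the outer body produces the escaped form shown in the example requests.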
Example Response
Status code: 200
{
  "openid_connect_config" : {
    "access_mode" : "program_console",
    "idp_url" : "https://accounts.example.com",
    "client_id" : "client_id_example",
    "authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth",
    "scope" : "openid",
    "response_type" : "id_token",
    "response_mode" : "form_post",
    "signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
  }
}
Status code: 400
The server failed to process the request.
{ "error_msg" : "Request body is invalid.", "error_code" : "IAM.0011" }
Status code: 401
Authentication failed.
{ "error_msg" : "The request you have made requires authentication.", "error_code" : "IAM.0001" }
Status code: 403
Access denied.
{ "error_msg" : "Policy doesn't allow %(actions)s to be performed.", "error_code" : "IAM.0003" }
Status code: 404
The requested resource cannot be found.
{ "error_msg" : "Could not find %(target)s: %(target_id)s.", "error_code" : "IAM.0004" }
Status code: 500
Internal server error.
{ "error_msg" : "An unexpected error prevented the server from fulfilling your request.", "error_code" : "IAM.0006" }
Status Codes
Status Code | Description |
---|---|
200 | The request is successful. |
400 | The server failed to process the request. |
401 | Authentication failed. |
403 | Access denied. |
404 | The requested resource cannot be found. |
500 | Internal server error. |