doc-exports/docs/iam/api-ref/en-us_topic_0057845629.html
zhangyue 3b5a58b1fe IAM API 2.0.38
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2022-10-26 04:31:24 +00:00


<a name="en-us_topic_0057845629"></a><a name="en-us_topic_0057845629"></a>
<h1 class="topictitle1">Obtaining an Unscoped Token (SP Initiated)</h1>
<div id="body1492676120194"><div class="section" id="en-us_topic_0057845629__section42991548164730"><h4 class="sectiontitle">Function</h4><p id="en-us_topic_0057845629__p464103765818">This API is used to obtain an unscoped token in SP-initiated federated identity authentication mode.</p>
<p id="en-us_topic_0057845629__p57696132319">An unscoped token cannot be used for authentication. To authenticate with a token, a federated user must obtain a scoped token as described in <a href="iam_13_0604.html">Obtaining a Scoped Token</a>.</p>
</div>
<div class="section" id="en-us_topic_0057845629__section999597164730"><h4 class="sectiontitle">URI</h4><ul id="en-us_topic_0057845629__ul30613081164832"><li id="en-us_topic_0057845629__li7082275164832">URI format<p id="en-us_topic_0057845629__p4792267163236"><a name="en-us_topic_0057845629__li7082275164832"></a><a name="li7082275164832"></a>GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth</p>
</li></ul>
<ul id="en-us_topic_0057845629__ul577211163243"><li id="en-us_topic_0057845629__li29327871163243">URI parameters
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845629__table45982210164832" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845629__row34412857164832"><th align="left" class="cellrowborder" valign="top" width="17.16828317168283%" id="mcps1.3.2.3.1.1.1.5.1.1"><p id="en-us_topic_0057845629__p35978026164832"><strong id="en-us_topic_0057845629__b37426530113629_1">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="19.538046195380463%" id="mcps1.3.2.3.1.1.1.5.1.2"><p id="en-us_topic_0057845629__p28538959164832"><strong id="en-us_topic_0057845629__b842352706112524_1">Mandatory</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.308169183081695%" id="mcps1.3.2.3.1.1.1.5.1.3"><p id="en-us_topic_0057845629__p29954320164832"><strong id="en-us_topic_0057845629__b84235270615026_1">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="44.98550144985502%" id="mcps1.3.2.3.1.1.1.5.1.4"><p id="en-us_topic_0057845629__p10380887164832"><strong id="en-us_topic_0057845629__b14438018113629_1">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845629__row35545481164832"><td class="cellrowborder" valign="top" width="17.16828317168283%" headers="mcps1.3.2.3.1.1.1.5.1.1 "><p id="en-us_topic_0057845629__p60611728164832">idp_id</p>
</td>
<td class="cellrowborder" valign="top" width="19.538046195380463%" headers="mcps1.3.2.3.1.1.1.5.1.2 "><p id="en-us_topic_0057845629__p10602964164832">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.308169183081695%" headers="mcps1.3.2.3.1.1.1.5.1.3 "><p id="en-us_topic_0057845629__p53533756164832">String</p>
</td>
<td class="cellrowborder" valign="top" width="44.98550144985502%" headers="mcps1.3.2.3.1.1.1.5.1.4 "><p id="en-us_topic_0057845629__p41266993164832">ID of an identity provider.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row35858619164832"><td class="cellrowborder" valign="top" width="17.16828317168283%" headers="mcps1.3.2.3.1.1.1.5.1.1 "><p id="en-us_topic_0057845629__p18867054164832">protocol_id</p>
</td>
<td class="cellrowborder" valign="top" width="19.538046195380463%" headers="mcps1.3.2.3.1.1.1.5.1.2 "><p id="en-us_topic_0057845629__p51836385164832">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.308169183081695%" headers="mcps1.3.2.3.1.1.1.5.1.3 "><p id="en-us_topic_0057845629__p37997628164832">String</p>
</td>
<td class="cellrowborder" valign="top" width="44.98550144985502%" headers="mcps1.3.2.3.1.1.1.5.1.4 "><p id="en-us_topic_0057845629__p57909032164832">ID of a protocol.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
</div>
<div class="section" id="en-us_topic_0057845629__section30144898164730"><h4 class="sectiontitle">Request Parameters</h4><ul id="en-us_topic_0057845629__ul37385774164730"><li id="en-us_topic_0057845629__li44322980164645">Parameters in the request header
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845629__table56458564164645" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845629__row38321014164645"><th align="left" class="cellrowborder" valign="top" width="16.98%" id="mcps1.3.3.2.1.1.1.5.1.1"><p id="en-us_topic_0057845629__p4891467164645"><strong id="en-us_topic_0057845629__b37426530113629_3">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="19.49%" id="mcps1.3.3.2.1.1.1.5.1.2"><p id="en-us_topic_0057845629__p60664507164645"><strong id="en-us_topic_0057845629__b842352706112524_3">Mandatory</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.61%" id="mcps1.3.3.2.1.1.1.5.1.3"><p id="en-us_topic_0057845629__p14878007164645"><strong id="en-us_topic_0057845629__b84235270615026_3">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="44.92%" id="mcps1.3.3.2.1.1.1.5.1.4"><p id="en-us_topic_0057845629__p64267944164645"><strong id="en-us_topic_0057845629__b14438018113629_3">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845629__row47522392164645"><td class="cellrowborder" valign="top" width="16.98%" headers="mcps1.3.3.2.1.1.1.5.1.1 "><p id="en-us_topic_0057845629__p22387518164645">Accept</p>
</td>
<td class="cellrowborder" valign="top" width="19.49%" headers="mcps1.3.3.2.1.1.1.5.1.2 "><p id="en-us_topic_0057845629__p1449685164645">No</p>
</td>
<td class="cellrowborder" valign="top" width="18.61%" headers="mcps1.3.3.2.1.1.1.5.1.3 "><p id="en-us_topic_0057845629__p50315689164645">String</p>
</td>
<td class="cellrowborder" valign="top" width="44.92%" headers="mcps1.3.3.2.1.1.1.5.1.4 "><ul id="en-us_topic_0057845629__ul2066821281118"><li id="en-us_topic_0057845629__li266812123112">This parameter is not required when a token is obtained in the WebSSO mode.</li><li id="en-us_topic_0057845629__li12668712161113">When you obtain a token using the Enhanced Client Proxy (ECP), the value of this parameter is as follows:<p id="en-us_topic_0057845629__p585112176116"><a name="en-us_topic_0057845629__li12668712161113"></a><a name="li12668712161113"></a>application/vnd.paos+xml</p>
</li></ul>
</td>
</tr>
<tr id="en-us_topic_0057845629__row45829305164645"><td class="cellrowborder" valign="top" width="16.98%" headers="mcps1.3.3.2.1.1.1.5.1.1 "><p id="en-us_topic_0057845629__p25048351164645">PAOS</p>
</td>
<td class="cellrowborder" valign="top" width="19.49%" headers="mcps1.3.3.2.1.1.1.5.1.2 "><p id="en-us_topic_0057845629__p15650549164645">No</p>
</td>
<td class="cellrowborder" valign="top" width="18.61%" headers="mcps1.3.3.2.1.1.1.5.1.3 "><p id="en-us_topic_0057845629__p59734927164645">String</p>
</td>
<td class="cellrowborder" valign="top" width="44.92%" headers="mcps1.3.3.2.1.1.1.5.1.4 "><ul id="en-us_topic_0057845629__ul10681123417114"><li id="en-us_topic_0057845629__li126811234141114">This parameter is not required when a token is obtained in the WebSSO mode.</li><li id="en-us_topic_0057845629__li86811934171115">When you obtain a token using the ECP, the value of this parameter is as follows:<p id="en-us_topic_0057845629__p60218117164645"><a name="en-us_topic_0057845629__li86811934171115"></a><a name="li86811934171115"></a>urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp</p>
</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="en-us_topic_0057845629__note44922205174950"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ol id="en-us_topic_0057845629__ol4176620517502"><li id="en-us_topic_0057845629__li4035152817502">This API can be used to obtain tokens through WebSSO and ECP. The request headers determine which method is used. For details, see the descriptions of the request header parameters.</li><li id="en-us_topic_0057845629__li2761943317502">Calling this API directly to obtain a token is not recommended. Use OpenStackClient to obtain a token instead.</li></ol>
</div></div>
</li><li id="en-us_topic_0057845629__li927648164730">Example request<pre class="screen" id="en-us_topic_0057845629__screen8348838164730"><em id="en-us_topic_0057845629__i659810472312">GET /v3/OS-FEDERATION/identity_providers/idptest/protocols/saml/auth</em></pre>
</li></ul>
</div>
<div class="section" id="en-us_topic_0057845629__section5167254164730"><h4 class="sectiontitle">Response Parameters</h4><ul id="en-us_topic_0057845629__ul48926326164730"><li id="en-us_topic_0057845629__li66778556165124">Parameters in the response body
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845629__table30197476165124" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845629__row25190343165124"><th align="left" class="cellrowborder" valign="top" width="16.951695169516952%" id="mcps1.3.4.2.1.1.1.5.1.1"><p id="en-us_topic_0057845629__p63550324165124"><strong id="en-us_topic_0057845629__b84235270616223">Response Item</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="19.51195119511951%" id="mcps1.3.4.2.1.1.1.5.1.2"><p id="en-us_topic_0057845629__p47302590165124"><strong id="en-us_topic_0057845629__b37426530113629_5">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.941894189418942%" id="mcps1.3.4.2.1.1.1.5.1.3"><p id="en-us_topic_0057845629__p6304564165124"><strong id="en-us_topic_0057845629__b84235270615026_5">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="44.594459445944594%" id="mcps1.3.4.2.1.1.1.5.1.4"><p id="en-us_topic_0057845629__p40907712165124"><strong id="en-us_topic_0057845629__b14438018113629_5">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845629__row31669105165124"><td class="cellrowborder" valign="top" width="16.951695169516952%" headers="mcps1.3.4.2.1.1.1.5.1.1 "><p id="en-us_topic_0057845629__p27151923165124">X-Subject-Token</p>
</td>
<td class="cellrowborder" valign="top" width="19.51195119511951%" headers="mcps1.3.4.2.1.1.1.5.1.2 "><p id="en-us_topic_0057845629__p51822188165124">header</p>
</td>
<td class="cellrowborder" valign="top" width="18.941894189418942%" headers="mcps1.3.4.2.1.1.1.5.1.3 "><p id="en-us_topic_0057845629__p36847705165124">String</p>
</td>
<td class="cellrowborder" valign="top" width="44.594459445944594%" headers="mcps1.3.4.2.1.1.1.5.1.4 "><p id="en-us_topic_0057845629__en-us_topic_0026585112_p51812368">Signed unscoped token.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row15598896165124"><td class="cellrowborder" valign="top" width="16.951695169516952%" headers="mcps1.3.4.2.1.1.1.5.1.1 "><p id="en-us_topic_0057845629__p16586493165124">token</p>
</td>
<td class="cellrowborder" valign="top" width="19.51195119511951%" headers="mcps1.3.4.2.1.1.1.5.1.2 "><p id="en-us_topic_0057845629__p1328717165124">body</p>
</td>
<td class="cellrowborder" valign="top" width="18.941894189418942%" headers="mcps1.3.4.2.1.1.1.5.1.3 "><p id="en-us_topic_0057845629__p40517270165124">Object</p>
</td>
<td class="cellrowborder" valign="top" width="44.594459445944594%" headers="mcps1.3.4.2.1.1.1.5.1.4 "><p id="en-us_topic_0057845629__p60673407165124">Information about the unscoped token obtained in federated identity authentication mode, including methods and user information.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="en-us_topic_0057845629__li37683757164730">Example response<pre class="screen" id="en-us_topic_0057845629__screen869816611453">{
    "token": {
        "issued_at": "2017-05-23T06:54:51.763000Z",
        "expires_at": "2017-05-24T06:54:51.763000Z",
        "methods": [
            "mapped"
        ],
        "user": {
            "domain": {
                "id": "e31ac82d778b4d128cb6fed37fd72cdb",
                "name": "exampledomain"
            },
            "id": "RMQTgtjjSNGDcKy7oUmI3AZg7GgsWG0Z",
            "name": "exampleuser",
            "OS-FEDERATION": {
                "identity_provider": {
                    "id": "exampleuser"
                },
                "protocol": {
                    "id": "saml"
                },
                "groups": [
                    {
                        "id": "b40189e26ea44f959877621b4b298db5"
                    }
                ]
            }
        }
    }
}</pre>
</li></ul>
</div>
<div class="section" id="en-us_topic_0057845629__section33762092164730"><h4 class="sectiontitle">Status Code</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0057845629__table50374951164730" frame="border" border="1" rules="all"><thead align="left"><tr id="en-us_topic_0057845629__row57231606164730"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.5.2.1.3.1.1"><p id="en-us_topic_0057845629__p5248518164730"><strong id="en-us_topic_0057845629__b842352706104328">Status Code</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.5.2.1.3.1.2"><p id="en-us_topic_0057845629__p22476794164730"><strong id="en-us_topic_0057845629__b14438018113629_7">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="en-us_topic_0057845629__row8681019164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p32073904164730">200</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p47849409164730">The request is successful. You need to further obtain user information.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row27991504164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p52719384164730">201</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p42411696164730">The request is successful, and a token is returned.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row46160945164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p48049093164730">302</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p66771325164730">The system switches to the identity provider authentication page if the request does not carry user information of the identity provider.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row64071018164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p22370004164730">400</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p31063164730">The server failed to process the request.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row279569164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p22645099164730">401</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p22313713164730">Authentication failed.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row66605697164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p26352373164730">403</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p54167498164730">Access denied.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row17745440164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p28094569164730">405</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p61067622164730">The method specified in the request is not allowed for the requested resource.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row12737692164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p25120131164730">413</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p21464722164730">The request entity is too large.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row58964777164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p11417608164730">500</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p52411044164730">Internal server error.</p>
</td>
</tr>
<tr id="en-us_topic_0057845629__row1937348164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="en-us_topic_0057845629__p22707461164730">503</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="en-us_topic_0057845629__p27365047164730">Service unavailable.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
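<p>The following is an added example, not part of the original API reference or of OpenStackClient. It builds the request in WebSSO or ECP mode and checks a 201 response before the token is exchanged for a scoped one. The function names and the sample response are constructed, and the list of keys treated as scope markers assumes the Keystone v3 token layout.</p>

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote

ECP_HEADERS = {"Accept": "application/vnd.paos+xml",
               "PAOS": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"}

def build_request(idp_id, protocol_id, ecp=False):
    """Return (method, path, headers); WebSSO mode sends neither ECP header."""
    path = "/v3/OS-FEDERATION/identity_providers/%s/protocols/%s/auth" % (
        quote(idp_id, safe=""), quote(protocol_id, safe=""))  # ids cannot alter the path
    return "GET", path, dict(ECP_HEADERS) if ecp else {}

def check_unscoped_token(status, headers, body, idp_id, protocol_id, now=None):
    """Return the X-Subject-Token value, or raise ValueError with the reason."""
    if status == 302:
        raise ValueError("302: redirected to the identity provider login page")
    if status != 201:
        raise ValueError(f"no token returned (status {status})")
    headers = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    subject_token = headers.get("x-subject-token")
    if not subject_token:
        raise ValueError("201 response without X-Subject-Token header")
    try:
        token = json.loads(body)["token"]
        fed = token["user"]["OS-FEDERATION"]
        issuer = (fed["identity_provider"]["id"], fed["protocol"]["id"])
        expires = datetime.strptime(token["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ")
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError(f"malformed token body: {exc!r}")
    if "mapped" not in token.get("methods", []):
        raise ValueError("token was not issued through federated (mapped) authentication")
    if issuer != (idp_id, protocol_id):
        raise ValueError("token names a different identity provider or protocol")
    if expires.replace(tzinfo=timezone.utc) <= (now or datetime.now(timezone.utc)):
        raise ValueError("token already expired")
    # Assumption: Keystone v3 scoped tokens carry these keys; unscoped ones do not.
    if any(key in token for key in ("project", "domain", "roles", "catalog")):
        raise ValueError("expected an unscoped token, got a scoped one")
    return subject_token

# Constructed sample response (illustrative values, not real credentials).
SAMPLE_HEADERS = {"x-subject-token": "constructed-token-value"}
SAMPLE_BODY = json.dumps({"token": {
    "issued_at": "2017-05-23T06:54:51.763000Z",
    "expires_at": "2017-05-24T06:54:51.763000Z",
    "methods": ["mapped"],
    "user": {"domain": {"id": "constructed-domain-id", "name": "exampledomain"},
             "id": "constructed-user-id", "name": "exampleuser",
             "OS-FEDERATION": {"identity_provider": {"id": "idptest"},
                               "protocol": {"id": "saml"},
                               "groups": [{"id": "constructed-group-id"}]}}}})

if __name__ == "__main__":
    fixed_now = datetime(2017, 5, 23, 12, 0, tzinfo=timezone.utc)
    print(build_request("idptest", "saml", ecp=True))
    print(check_unscoped_token(201, SAMPLE_HEADERS, SAMPLE_BODY, "idptest", "saml", fixed_now))
```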
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0057845565.html">Token</a></div>
</div>
</div>