vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/iam/api-ref/iam_02_0003.html
zhangyue 3b5a58b1fe IAM API 2.0.38 
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2022-10-26 04:31:24 +00:00

189 lines
14 KiB
HTML
Raw Blame History

<a name="iam_02_0003"></a><a name="iam_02_0003"></a>
<h1 class="topictitle1">Obtaining an Unscoped Token (IdP Initiated)</h1>
<div id="body1520817928148"><div class="section" id="iam_02_0003__section42991548164730"><h4 class="sectiontitle">Function</h4><p id="iam_02_0003__p9619121292315">This API is used to obtain an unscoped token in IdP-initiated federated identity authentication mode.</p>
<p id="iam_02_0003__p347386339">An unscoped token cannot be used for authentication. If a federated user needs to use a token for authentication, obtain the scoped token based on section <a href="iam_13_0604.html">Obtaining a Scoped Token</a>.</p>
</div>
<div class="section" id="iam_02_0003__section999597164730"><h4 class="sectiontitle">URI</h4><p id="iam_02_0003__p4792267163236">POST /v3.0/OS-FEDERATION/tokens</p>
</div>
<div class="section" id="iam_02_0003__section30144898164730"><h4 class="sectiontitle">Request Parameters</h4><ul id="iam_02_0003__ul37385774164730"><li id="iam_02_0003__li44322980164645">Parameters in the request header
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_02_0003__table56458564164645" frame="border" border="1" rules="all"><thead align="left"><tr id="iam_02_0003__row38321014164645"><th align="left" class="cellrowborder" valign="top" width="20.76%" id="mcps1.3.3.2.1.1.1.5.1.1"><p id="iam_02_0003__p4891467164645"><strong id="iam_02_0003__b37426530113629_1">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.299999999999997%" id="mcps1.3.3.2.1.1.1.5.1.2"><p id="iam_02_0003__p60664507164645"><strong id="iam_02_0003__b842352706112524_1">Mandatory</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.48%" id="mcps1.3.3.2.1.1.1.5.1.3"><p id="iam_02_0003__p14878007164645"><strong id="iam_02_0003__b84235270615026_1">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="43.46%" id="mcps1.3.3.2.1.1.1.5.1.4"><p id="iam_02_0003__p64267944164645"><strong id="iam_02_0003__b14438018113629_1">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="iam_02_0003__row16522014164645"><td class="cellrowborder" valign="top" width="20.76%" headers="mcps1.3.3.2.1.1.1.5.1.1 "><p id="iam_02_0003__p16994440164645">X-Idp-Id</p>
</td>
<td class="cellrowborder" valign="top" width="17.299999999999997%" headers="mcps1.3.3.2.1.1.1.5.1.2 "><p id="iam_02_0003__p34372423164645">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.48%" headers="mcps1.3.3.2.1.1.1.5.1.3 "><p id="iam_02_0003__p32702874164645">String</p>
</td>
<td class="cellrowborder" valign="top" width="43.46%" headers="mcps1.3.3.2.1.1.1.5.1.4 "><p id="iam_02_0003__p45605165175031">ID of an identity provider.</p>
</td>
</tr>
<tr id="iam_02_0003__row27958398103142"><td class="cellrowborder" valign="top" width="20.76%" headers="mcps1.3.3.2.1.1.1.5.1.1 "><p id="iam_02_0003__p50037738103142">Content-Type</p>
</td>
<td class="cellrowborder" valign="top" width="17.299999999999997%" headers="mcps1.3.3.2.1.1.1.5.1.2 "><p id="iam_02_0003__p26525003103142">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.48%" headers="mcps1.3.3.2.1.1.1.5.1.3 "><p id="iam_02_0003__p1041673103142">String</p>
</td>
<td class="cellrowborder" valign="top" width="43.46%" headers="mcps1.3.3.2.1.1.1.5.1.4 "><p id="iam_02_0003__p61308811103259">The client must transfer the SAMLResponse parameter to the server by using the form data submitted by the browser. Therefore, the value of this parameter must be:</p>
<p id="iam_02_0003__p17266699103142">application/x-www-form-urlencoded</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="iam_02_0003__li28863801102532">Parameters in the request body
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_02_0003__table58447617102532" frame="border" border="1" rules="all"><thead align="left"><tr id="iam_02_0003__row28600734102532"><th align="left" class="cellrowborder" valign="top" width="20.62%" id="mcps1.3.3.2.2.1.1.5.1.1"><p id="iam_02_0003__p34958131102532"><strong id="iam_02_0003__a173ae121cc9e48328ca613e72f2a1504">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.27%" id="mcps1.3.3.2.2.1.1.5.1.2"><p id="iam_02_0003__p13036348102532"><strong id="iam_02_0003__b842352706112524_3">Mandatory</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.63%" id="mcps1.3.3.2.2.1.1.5.1.3"><p id="iam_02_0003__p49311266102532"><strong id="iam_02_0003__b84235270615026_3">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="43.480000000000004%" id="mcps1.3.3.2.2.1.1.5.1.4"><p id="iam_02_0003__p34789580102532"><strong id="iam_02_0003__b20601766145329">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="iam_02_0003__row66492578102532"><td class="cellrowborder" valign="top" width="20.62%" headers="mcps1.3.3.2.2.1.1.5.1.1 "><p id="iam_02_0003__p17189774102532">SAMLResponse</p>
</td>
<td class="cellrowborder" valign="top" width="17.27%" headers="mcps1.3.3.2.2.1.1.5.1.2 "><p id="iam_02_0003__p50194421102532">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="18.63%" headers="mcps1.3.3.2.2.1.1.5.1.3 "><p id="iam_02_0003__p492243151519">String</p>
</td>
<td class="cellrowborder" valign="top" width="43.480000000000004%" headers="mcps1.3.3.2.2.1.1.5.1.4 "><p id="iam_02_0003__p52716491103542">Response body returned when IdP authentication is successful.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="iam_02_0003__note44922205174950"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_02_0003__p4330573993853">This API can only be called on the CLI side. The client needs to obtain SAMLResponse in IdP-initiated federated identity authentication mode and obtain an unscoped token by using the form data submitted by the browser.</p>
</div></div>
</li><li id="iam_02_0003__li927648164730">Example request<pre class="screen" id="iam_02_0003__screen4121022410524">curl -i -k -H 'Accept:application/json' -H 'x-Idp-Id:test_local_idp' -H 'Content-Type:application/x-www-form-urlencoded' -X POST -d 'SAMLResponse=PD94bWwgdmVyc2lvbj0iMS4wIiBl4WXZ1OGNmYmRzWk1ZeWlLKy96anpEbm1rT2FrVVBrUmlSWEpLYUt5NzJtUmtoRFBCNjgwVQpzalU3R2hKNHE4ZG48L3hlbmM6Q2lwaGVyVmFsdWU%2BPC94ZW5jOkNpcGhlckRhdGE%2BPC94ZW5jOkVuY3J5cHRlZERhdGE%2BPC9zYW1sMjpFbmNyeXB0ZWRBc3NlcnRpb24%2BPC9zYW1sMnA6UmVzcG9uc2U%2B' https://sample.domain.com/v3.0/OS-FEDERATION/tokens</pre>
</li></ul>
</div>
<div class="section" id="iam_02_0003__section5167254164730"><h4 class="sectiontitle">Response Parameters</h4><ul id="iam_02_0003__ul48926326164730"><li id="iam_02_0003__li66778556165124">Parameters in the response body
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_02_0003__table30197476165124" frame="border" border="1" rules="all"><thead align="left"><tr id="iam_02_0003__row25190343165124"><th align="left" class="cellrowborder" valign="top" width="20.54%" id="mcps1.3.4.2.1.1.1.5.1.1"><p id="iam_02_0003__p63550324165124"><strong id="iam_02_0003__b84235270616223">Response Item</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.39%" id="mcps1.3.4.2.1.1.1.5.1.2"><p id="iam_02_0003__p47302590165124"><strong id="iam_02_0003__b37426530113629_3">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.94%" id="mcps1.3.4.2.1.1.1.5.1.3"><p id="iam_02_0003__p6304564165124"><strong id="iam_02_0003__b84235270615026_5">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="43.13%" id="mcps1.3.4.2.1.1.1.5.1.4"><p id="iam_02_0003__p40907712165124"><strong id="iam_02_0003__b14438018113629_3">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="iam_02_0003__row31669105165124"><td class="cellrowborder" valign="top" width="20.54%" headers="mcps1.3.4.2.1.1.1.5.1.1 "><p id="iam_02_0003__p27151923165124">X-Subject-Token</p>
</td>
<td class="cellrowborder" valign="top" width="17.39%" headers="mcps1.3.4.2.1.1.1.5.1.2 "><p id="iam_02_0003__p51822188165124">header</p>
</td>
<td class="cellrowborder" valign="top" width="18.94%" headers="mcps1.3.4.2.1.1.1.5.1.3 "><p id="iam_02_0003__p36847705165124">String</p>
</td>
<td class="cellrowborder" valign="top" width="43.13%" headers="mcps1.3.4.2.1.1.1.5.1.4 "><p id="iam_02_0003__en-us_topic_0026585112_p51812368">Signed unscoped token.</p>
</td>
</tr>
<tr id="iam_02_0003__row15598896165124"><td class="cellrowborder" valign="top" width="20.54%" headers="mcps1.3.4.2.1.1.1.5.1.1 "><p id="iam_02_0003__p16586493165124">token</p>
</td>
<td class="cellrowborder" valign="top" width="17.39%" headers="mcps1.3.4.2.1.1.1.5.1.2 "><p id="iam_02_0003__p1328717165124">body</p>
</td>
<td class="cellrowborder" valign="top" width="18.94%" headers="mcps1.3.4.2.1.1.1.5.1.3 "><p id="iam_02_0003__p40517270165124">Object</p>
</td>
<td class="cellrowborder" valign="top" width="43.13%" headers="mcps1.3.4.2.1.1.1.5.1.4 "><p id="iam_02_0003__p60673407165124">Information of the unscoped token obtained in federated identity authentication mode, including methods and user information.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="iam_02_0003__li37683757164730">Example response<pre class="screen" id="iam_02_0003__screen869816611453">{
"token": {
"expires_at": "2018-03-13T03:00:01.168000Z",
"methods": ["mapped"],
"issued_at": "2018-03-12T03:00:01.168000Z",
"user": {
"OS-FEDERATION": {
"identity_provider": {
"id": "test_local_idp"
},
"protocol": {
"id": "saml"
},
"groups": [{
"name": "admin",
"id": "45a8c8f1894444e9a016af065e152b91"
}]
},
"domain": {
"name": "hansheng",
"id": "c0e20cc993a24ad4aa3251661ef37c87"
},
"name": "FederationUser",
"id": "QNSzD0bycqUXE4hiRNfyFcWfoOs8z6gT"
}
}
}</pre>
</li></ul>
</div>
<div class="section" id="iam_02_0003__section33762092164730"><h4 class="sectiontitle">Status Code</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_02_0003__table50374951164730" frame="border" border="1" rules="all"><thead align="left"><tr id="iam_02_0003__row57231606164730"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.5.2.1.3.1.1"><p id="iam_02_0003__p5248518164730"><strong id="iam_02_0003__b842352706104328">Status Code</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.5.2.1.3.1.2"><p id="iam_02_0003__p22476794164730"><strong id="iam_02_0003__b14438018113629_5">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="iam_02_0003__row27991504164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="iam_02_0003__p52719384164730">201</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="iam_02_0003__p42411696164730">The request is successful, and a token is returned.</p>
</td>
</tr>
<tr id="iam_02_0003__row64071018164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="iam_02_0003__p22370004164730">400</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="iam_02_0003__p31063164730">The server failed to process the request.</p>
</td>
</tr>
<tr id="iam_02_0003__row279569164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="iam_02_0003__p22645099164730">401</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="iam_02_0003__p22313713164730">Authentication failed.</p>
</td>
</tr>
<tr id="iam_02_0003__row66605697164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="iam_02_0003__p26352373164730">403</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="iam_02_0003__p54167498164730">Access denied.</p>
</td>
</tr>
<tr id="iam_02_0003__row17745440164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="iam_02_0003__p28094569164730">405</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="iam_02_0003__p61067622164730">The method specified in the request is not allowed for the requested resource.</p>
</td>
</tr>
<tr id="iam_02_0003__row12737692164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="iam_02_0003__p25120131164730">413</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="iam_02_0003__p21464722164730">The request entity is too large.</p>
</td>
</tr>
<tr id="iam_02_0003__row58964777164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="iam_02_0003__p11417608164730">500</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="iam_02_0003__p52411044164730">Internal server error.</p>
</td>
</tr>
<tr id="iam_02_0003__row1937348164730"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="iam_02_0003__p22707461164730">503</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="iam_02_0003__p27365047164730">Service unavailable.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0057845565.html">Token</a></div>
</div>
</div>
View Git Blame Copy Permalink