doc-exports/docs/iam/api-ref/iam_13_0207.html
Wei, Hongmin 80f18fd272 IAM API 2.6 Version
Reviewed-by: Kabai, Zoltán Gábor <zoltan-gabor.kabai@t-systems.com>
Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com>
Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
2023-08-03 03:34:59 +00:00


<a name="iam_13_0207"></a><a name="iam_13_0207"></a>
<h1 class="topictitle1">Creating an OpenID Connect Identity Provider</h1>
<div id="body1598526655526"><div class="section" id="iam_13_0207__section093472073113"><h4 class="sectiontitle">Function</h4><p id="iam_13_0207__p1814417215312">This API is provided for the administrator to create an OpenID Connect identity provider.</p>
</div>
<div class="section" id="iam_13_0207__section1693712205313"><h4 class="sectiontitle">URI</h4><p id="iam_13_0207__p714410218315">POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_13_0207__table293802015318" frame="border" border="1" rules="all"><caption><b>Table 1 </b>URI parameters</caption><thead align="left"><tr id="iam_13_0207__row19144172183118"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.1"><p id="iam_13_0207__p111447211311">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10%" id="mcps1.3.2.3.2.5.1.2"><p id="iam_13_0207__p11447213313">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.3"><p id="iam_13_0207__p314418213313">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.2.3.2.5.1.4"><p id="iam_13_0207__p414415214312">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_13_0207__row51442214311"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.1 "><p id="iam_13_0207__p1414412219316">idp_id</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.2.3.2.5.1.2 "><p id="iam_13_0207__p12144202123117">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.3 "><p id="iam_13_0207__p1144192116317">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.2.3.2.5.1.4 "><p id="iam_13_0207__p2144112173116">Identity provider ID.</p>
<p id="iam_13_0207__p10959085214">Length: 1 to 64 characters</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="iam_13_0207__section694752033115"><h4 class="sectiontitle">Request Parameters</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_13_0207__table1094862012315" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters in the request header</caption><thead align="left"><tr id="iam_13_0207__row21441121203110"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.1"><p id="iam_13_0207__p414462113319">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10%" id="mcps1.3.3.2.2.5.1.2"><p id="iam_13_0207__p1314442193111">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.3"><p id="iam_13_0207__p13144102112319">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.2.5.1.4"><p id="iam_13_0207__p814432113318">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_13_0207__row3144122119310"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.1 "><p id="iam_13_0207__p7144132133111">Content-Type</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.2.2.5.1.2 "><p id="iam_13_0207__p6144221133110">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.3 "><p id="iam_13_0207__p714414213315">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.2.5.1.4 "><p id="iam_13_0207__p141441221163120">Set this field to <strong id="iam_13_0207__b455023017393">application/json;charset=utf8</strong>.</p>
</td>
</tr>
<tr id="iam_13_0207__row6144121163110"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.1 "><p id="iam_13_0207__p514462133112">X-Auth-Token</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.2.2.5.1.2 "><p id="iam_13_0207__p114442153117">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.3 "><p id="iam_13_0207__p81449217317">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.2.5.1.4 "><p id="iam_13_0207__p18144142115312">Token with <strong id="iam_13_0207__b8387128144811">Security Administrator</strong> permissions.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_13_0207__table3954102011317" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Parameters in the request body</caption><thead align="left"><tr id="iam_13_0207__row114442118315"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.3.2.5.1.1"><p id="iam_13_0207__p1314462112319">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10%" id="mcps1.3.3.3.2.5.1.2"><p id="iam_13_0207__p214462173115">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.3.2.5.1.3"><p id="iam_13_0207__p1414482118313">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.3.2.5.1.4"><p id="iam_13_0207__p1144192111318">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_13_0207__row2144172110312"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.1 "><p id="iam_13_0207__p1144162116319"><a href="#iam_13_0207__table15957142011312">openid_connect_config</a></p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.3.2.5.1.2 "><p id="iam_13_0207__p11144821103116">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.3.2.5.1.3 "><p id="iam_13_0207__p61445215313">object</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.3.2.5.1.4 "><p id="iam_13_0207__p1144202113117">OpenID Connect configurations.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="iam_13_0207__table15957142011312"></a><a name="table15957142011312"></a><table cellpadding="4" cellspacing="0" summary="" id="iam_13_0207__table15957142011312" frame="border" border="1" rules="all"><caption><b>Table 4 </b>CreateOpenIDConnectConfig</caption><thead align="left"><tr id="iam_13_0207__row2144152123112"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.4.2.5.1.1"><p id="iam_13_0207__p3144421143114">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10%" id="mcps1.3.3.4.2.5.1.2"><p id="iam_13_0207__p51441321113117">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.4.2.5.1.3"><p id="iam_13_0207__p21441121113116">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.4.2.5.1.4"><p id="iam_13_0207__p2014492118318">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_13_0207__row161441021163112"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p id="iam_13_0207__p14144621193111">access_mode</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.4.2.5.1.2 "><p id="iam_13_0207__p81449213311">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p id="iam_13_0207__p191441821123118">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.4.2.5.1.4 "><p id="iam_13_0207__p611593517328">Access type. Options:</p>
<ul id="iam_13_0207__ul1166237163218"><li id="iam_13_0207__li8682123913328"><strong id="iam_13_0207__b825102134010">program_console</strong>: programmatic access and management console access.</li><li id="iam_13_0207__li14166837203213"><strong id="iam_13_0207__b15675141184117">program</strong>: programmatic access only.</li></ul>
</td>
</tr>
<tr id="iam_13_0207__row014412117311"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p id="iam_13_0207__p1714412143112">idp_url</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.4.2.5.1.2 "><p id="iam_13_0207__p15144182123115">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p id="iam_13_0207__p61441221123117">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.4.2.5.1.4 "><p id="iam_13_0207__p1514462119318">URL of the OpenID Connect identity provider. This field corresponds to the <strong id="iam_13_0207__b189952014210">iss</strong> field in the ID token.</p>
<p id="iam_13_0207__p413564920525">Length: 10 to 255 characters</p>
</td>
</tr>
<tr id="iam_13_0207__row81446218311"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p id="iam_13_0207__p1914572113311">client_id</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.4.2.5.1.2 "><p id="iam_13_0207__p12145421183117">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p id="iam_13_0207__p1014518212311">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.4.2.5.1.4 "><p id="iam_13_0207__p111454219316">ID of a client registered with the OpenID Connect identity provider.</p>
<p id="iam_13_0207__p34251044175219">Length: 5 to 255 characters</p>
</td>
</tr>
<tr id="iam_13_0207__row4145102114315"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p id="iam_13_0207__p81451921143110">authorization_endpoint</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.4.2.5.1.2 "><p id="iam_13_0207__p2145132114314">No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p id="iam_13_0207__p81455216313">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.4.2.5.1.4 "><p id="iam_13_0207__p1427416283317">Authorization endpoint of the OpenID Connect identity provider.</p>
<p id="iam_13_0207__p714514217312">This field is required only if <strong id="iam_13_0207__b15698439488">access_mode</strong> is set to <strong id="iam_13_0207__b1830920567488">program_console</strong>.</p>
<p id="iam_13_0207__p1851121112535">Length: 10 to 255 characters</p>
</td>
</tr>
<tr id="iam_13_0207__row1914512123110"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p id="iam_13_0207__p12145921113113">scope</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.4.2.5.1.2 "><p id="iam_13_0207__p3145172119318">No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p id="iam_13_0207__p4145102163116">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.4.2.5.1.4 "><p id="iam_13_0207__p1460272123315">Scope of authorization requests.</p>
<p id="iam_13_0207__p217382453312">This field is required only if <strong id="iam_13_0207__b1083162364912">access_mode</strong> is set to <strong id="iam_13_0207__b12881623124911">program_console</strong>.</p>
<p id="iam_13_0207__p137881118173510">Enumerated values:</p>
<ul id="iam_13_0207__ul182672313510"><li id="iam_13_0207__li4262237352">openid</li><li id="iam_13_0207__li1526723103517">email</li><li id="iam_13_0207__li12662315356">profile<div class="note" id="iam_13_0207__note78171434125310"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="iam_13_0207__ul940272714014"><li id="iam_13_0207__li174622917012"><strong id="iam_13_0207__b1630914183549">openid</strong> must be specified for this field.</li><li id="iam_13_0207__li94021271108">You can specify 1 to 10 values and separate them with spaces.</li></ul>
<p id="iam_13_0207__p457525410018">Example: <strong id="iam_13_0207__b6724425516">openid</strong>, <strong id="iam_13_0207__b12149194310553">openid email</strong>, <strong id="iam_13_0207__b17678939165512">openid profile</strong>, and <strong id="iam_13_0207__b13421337195510">openid email profile</strong>.</p>
</div></div>
</li></ul>
</td>
</tr>
<tr id="iam_13_0207__row214522153113"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p id="iam_13_0207__p714532115310">response_type</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.4.2.5.1.2 "><p id="iam_13_0207__p12145192143110">No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p id="iam_13_0207__p1114518210316">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.4.2.5.1.4 "><p id="iam_13_0207__p1841811576348">Response type.</p>
<p id="iam_13_0207__p15291049103419">This field is required only if <strong id="iam_13_0207__b73469895620">access_mode</strong> is set to <strong id="iam_13_0207__b2351682564">program_console</strong>.</p>
<p id="iam_13_0207__p3145192183119">Enumerated value:</p>
<ul id="iam_13_0207__ul71451221133119"><li id="iam_13_0207__li9145152116319">id_token</li></ul>
</td>
</tr>
<tr id="iam_13_0207__row18145152173117"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p id="iam_13_0207__p1414562123113">response_mode</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.4.2.5.1.2 "><p id="iam_13_0207__p141458217310">No</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p id="iam_13_0207__p7145112163113">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.4.2.5.1.4 "><p id="iam_13_0207__p1155410285350">Response mode.</p>
<p id="iam_13_0207__p914520214311">This field is required only if <strong id="iam_13_0207__b1575162385711">access_mode</strong> is set to <strong id="iam_13_0207__b11580202375715">program_console</strong>.</p>
<p id="iam_13_0207__p01451621113115">Enumerated values:</p>
<ul id="iam_13_0207__ul914502123116"><li id="iam_13_0207__li101452212315">fragment</li><li id="iam_13_0207__li1014502110317">form_post</li></ul>
</td>
</tr>
<tr id="iam_13_0207__row3145202114317"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.1 "><p id="iam_13_0207__p214572153112">signing_key</p>
</td>
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.4.2.5.1.2 "><p id="iam_13_0207__p11145121183118">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.4.2.5.1.3 "><p id="iam_13_0207__p91451521193115">String</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.4.2.5.1.4 "><p id="iam_13_0207__p414552115316">Public key used to verify the signature of the ID token issued by the OpenID Connect identity provider.</p>
<p id="iam_13_0207__p14891429613">Length: 10 to 30,000 characters</p>
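<p id="iam_13_0207__p1217527174916">Format example (shown unescaped for readability; because this field is a String, the key set is passed as a JSON-escaped string in the request body, as in the example requests):</p>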
<pre class="screen" id="iam_13_0207__screen152894895118">{
"keys":[
{
"kid":"d05ef20c4512645vv1..." ,
"n":"cws_cnjiwsbvweolwn_-vnl...",
"e":"AQAB",
"kty":"RSA",
"use":"sig",
"alg":"RS256"
}
]
} </pre>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="iam_13_0207__section11977720193119"><h4 class="sectiontitle">Response Parameters</h4><p id="iam_13_0207__p181451621173120"><strong id="iam_13_0207__b1741213715511">Status code: 201</strong></p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_13_0207__table20977122003112" frame="border" border="1" rules="all"><caption><b>Table 5 </b>Parameters in the response body</caption><thead align="left"><tr id="iam_13_0207__row151459217317"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.3.2.4.1.1"><p id="iam_13_0207__p4145021113113">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.3.2.4.1.2"><p id="iam_13_0207__p5145162117314">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.4.3.2.4.1.3"><p id="iam_13_0207__p2014518215310">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_13_0207__row7145421173119"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.3.2.4.1.1 "><p id="iam_13_0207__p7145021103119"><a href="#iam_13_0207__table6981112015312">openid_connect_config</a></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.3.2.4.1.2 "><p id="iam_13_0207__p71451621183112">object</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.3.2.4.1.3 "><p id="iam_13_0207__p8145152143111">OpenID Connect configurations.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="iam_13_0207__table6981112015312"></a><a name="table6981112015312"></a><table cellpadding="4" cellspacing="0" summary="" id="iam_13_0207__table6981112015312" frame="border" border="1" rules="all"><caption><b>Table 6 </b>openid_connect_config</caption><thead align="left"><tr id="iam_13_0207__row6145112112316"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.4.2.4.1.1"><p id="iam_13_0207__p15145221123114">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.4.2.4.1.2"><p id="iam_13_0207__p814516218315">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.4.4.2.4.1.3"><p id="iam_13_0207__p19145921193116">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_13_0207__row6145172116319"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_13_0207__p214502113118">access_mode</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_13_0207__p1914582116311">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_13_0207__p239028121315">Access type. Options:</p>
<ul id="iam_13_0207__ul1639168191310"><li id="iam_13_0207__li143910813132"><strong id="iam_13_0207__b438412268518">program_console</strong>: programmatic access and management console access.</li><li id="iam_13_0207__li113911813133"><strong id="iam_13_0207__b13615122718519">program</strong>: programmatic access only.</li></ul>
</td>
</tr>
<tr id="iam_13_0207__row914519212318"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_13_0207__p11453212318">idp_url</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_13_0207__p1614515212316">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_13_0207__p7391108171314">URL of the OpenID Connect identity provider. This field corresponds to the <strong id="iam_13_0207__b342418291158">iss</strong> field in the ID token.</p>
<p id="iam_13_0207__p539120881313">Length: 10 to 255 characters</p>
</td>
</tr>
<tr id="iam_13_0207__row7145172173110"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_13_0207__p1414512193119">client_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_13_0207__p151451121183115">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_13_0207__p6391084136">ID of a client registered with the OpenID Connect identity provider.</p>
<p id="iam_13_0207__p13911687135">Length: 5 to 255 characters</p>
</td>
</tr>
<tr id="iam_13_0207__row1914562133114"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_13_0207__p10145121193111">authorization_endpoint</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_13_0207__p71451021123113">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_13_0207__p14391982135">Authorization endpoint of the OpenID Connect identity provider.</p>
<p id="iam_13_0207__p0391989138">This field is required only if <strong id="iam_13_0207__b15496115315711">access_mode</strong> is set to <strong id="iam_13_0207__b1549785313720">program_console</strong>.</p>
<p id="iam_13_0207__p20391980130">Length: 10 to 255 characters</p>
</td>
</tr>
<tr id="iam_13_0207__row61451521113114"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_13_0207__p101451721163110">scope</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_13_0207__p41451221173118">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_13_0207__p6391481138">Scope of authorization requests.</p>
<p id="iam_13_0207__p53919811315">This field is required only if <strong id="iam_13_0207__b1761637287">access_mode</strong> is set to <strong id="iam_13_0207__b126161172087">program_console</strong>.</p>
<p id="iam_13_0207__p3391586137">Enumerated values:</p>
<ul id="iam_13_0207__ul20391198131313"><li id="iam_13_0207__li18391208181310">openid</li><li id="iam_13_0207__li103911383131">email</li><li id="iam_13_0207__li1539110810136">profile<div class="note" id="iam_13_0207__note73911289136"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="iam_13_0207__ul33910813137"><li id="iam_13_0207__li183911383138"><strong id="iam_13_0207__b111614121683">openid</strong> must be specified for this field.</li><li id="iam_13_0207__li1939114810131">You can specify 1 to 10 values and separate them with spaces.</li></ul>
<p id="iam_13_0207__p4391108131319">Example: <strong id="iam_13_0207__b66415151189">openid</strong>, <strong id="iam_13_0207__b1064141518816">openid email</strong>, <strong id="iam_13_0207__b1365215881">openid profile</strong>, and <strong id="iam_13_0207__b2658151186">openid email profile</strong>.</p>
</div></div>
</li></ul>
</td>
</tr>
<tr id="iam_13_0207__row1414562163119"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_13_0207__p1614552123115">response_type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_13_0207__p1314592113116">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_13_0207__p1539113817135">Response type.</p>
<p id="iam_13_0207__p183910819136">This field is required only if <strong id="iam_13_0207__b173690187816">access_mode</strong> is set to <strong id="iam_13_0207__b103694185816">program_console</strong>.</p>
<p id="iam_13_0207__p173910819131">Enumerated value:</p>
<ul id="iam_13_0207__ul153911841314"><li id="iam_13_0207__li63919811313">id_token</li></ul>
</td>
</tr>
<tr id="iam_13_0207__row31451521103118"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_13_0207__p514510213311">response_mode</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_13_0207__p1914572113110">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_13_0207__p15391384132">Response mode.</p>
<p id="iam_13_0207__p20391148171311">This field is required only if <strong id="iam_13_0207__b11553142316814">access_mode</strong> is set to <strong id="iam_13_0207__b855317231086">program_console</strong>.</p>
<p id="iam_13_0207__p73911986137">Enumerated values:</p>
<ul id="iam_13_0207__ul123915810133"><li id="iam_13_0207__li039117821313">fragment</li><li id="iam_13_0207__li4391138171320">form_post</li></ul>
</td>
</tr>
<tr id="iam_13_0207__row914692173114"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_13_0207__p114672143114">signing_key</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_13_0207__p414672113315">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_13_0207__p193911084133">Public key used to verify the signature of the ID token issued by the OpenID Connect identity provider.</p>
<p id="iam_13_0207__p19391178131311">Length: 10 to 30,000 characters</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="iam_13_0207__section1399672014314"><h4 class="sectiontitle">Example Request</h4><ul id="iam_13_0207__ul81461921203118"><li id="iam_13_0207__li191461214315">Creating an identity provider that supports programmatic access<pre class="screen" id="iam_13_0207__screen943716569377">POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
{
"openid_connect_config" : {
"access_mode" : "program",
"idp_url" : "https://accounts.example.com",
"client_id" : "client_id_example",
"signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
}
}</pre>
</li><li id="iam_13_0207__li814617211317">Creating an identity provider that supports programmatic access and management console access<pre class="screen" id="iam_13_0207__screen158651163389">POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config
{
"openid_connect_config" : {
"access_mode" : "program_console",
"idp_url" : "https://accounts.example.com",
"client_id" : "client_id_example",
"authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth",
"scope" : "openid",
"response_type" : "id_token",
"response_mode" : "form_post",
"signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
}
}</pre>
</li></ul>
</div>
<div class="section" id="iam_13_0207__section499813201314"><h4 class="sectiontitle">Example Response</h4><p id="iam_13_0207__p151461021143113"><strong id="iam_13_0207__b1869173314914">Status code: 201</strong></p>
<p id="iam_13_0207__p4146122111312">The identity provider is created successfully.</p>
<ul id="iam_13_0207__ul201461721183119"><li id="iam_13_0207__li814612113113">Example 1<pre class="screen" id="iam_13_0207__screen10886171413382">{
"openid_connect_config" : {
"access_mode" : "program",
"idp_url" : "https://accounts.example.com",
"client_id" : "client_id_example",
"signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
}
}</pre>
</li><li id="iam_13_0207__li191464219315">Example 2<pre class="screen" id="iam_13_0207__screen1793071953817">{
"openid_connect_config" : {
"access_mode" : "program_console",
"idp_url" : "https://accounts.example.com",
"client_id" : "client_id_example",
"authorization_endpoint" : "https://accounts.example.com/o/oauth2/v2/auth",
"scope" : "openid",
"response_type" : "id_token",
"response_mode" : "form_post",
"signing_key" : "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"use\":\"sig\",\"n\":\"example\",\"kid\":\"kid_example\",\"alg\":\"RS256\"}]}"
}
}</pre>
</li></ul>
<p id="iam_13_0207__p1114614219319"><strong id="iam_13_0207__b1070114611913">Status code: 400</strong></p>
<div class="p" id="iam_13_0207__p2146172117318">The server failed to process the request.<pre class="screen" id="iam_13_0207__screen171461821193117">{
"error_msg" : "Request body is invalid.",
"error_code" : "IAM.0011"
}</pre>
</div>
<p id="iam_13_0207__p11146021163110"><strong id="iam_13_0207__b1355319489912">Status code: 401</strong></p>
<p id="iam_13_0207__p1146162193115">Authentication failed.</p>
<pre class="screen" id="iam_13_0207__screen111461721203116">{
"error_msg" : "The request you have made requires authentication.",
"error_code" : "IAM.0001"
}</pre>
<p id="iam_13_0207__p9146132110315"><strong id="iam_13_0207__b98715501998">Status code: 403</strong></p>
<p id="iam_13_0207__p181461021123115">Access denied.</p>
<pre class="screen" id="iam_13_0207__screen5146021173119">{
"error_msg" : "Policy doesn't allow %(actions)s to be performed.",
"error_code" : "IAM.0003"
}</pre>
<p id="iam_13_0207__p121461121163115"><strong id="iam_13_0207__b267020511911">Status code: 404</strong></p>
<p id="iam_13_0207__p18146182133114">The requested resource cannot be found.</p>
<pre class="screen" id="iam_13_0207__screen16146152143118">{
"error_msg" : "Could not find %(target)s: %(target_id)s.",
"error_code" : "IAM.0004"
}</pre>
<p id="iam_13_0207__p1214614215316"><strong id="iam_13_0207__b1641119532918">Status code: 409</strong></p>
<p id="iam_13_0207__p2146192114314">The resource already exists.</p>
<pre class="screen" id="iam_13_0207__screen314602110311">{
"error_msg" : "Conflict occurred attempting to store %(type)s - %(details)s.",
"error_code" : "IAM.0005"
}</pre>
<p id="iam_13_0207__p514682111317"><strong id="iam_13_0207__b835245141016">Status code: 500</strong></p>
<p id="iam_13_0207__p12146921113114">Internal server error.</p>
<pre class="screen" id="iam_13_0207__screen16146621173113">{
"error_msg" : "An unexpected error prevented the server from fulfilling your request.",
"error_code" : "IAM.0006"
}</pre>
</div>
<div class="section" id="iam_13_0207__section26821103118"><h4 class="sectiontitle">Status Codes</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_13_0207__table77321143119" frame="border" border="1" rules="all"><thead align="left"><tr id="iam_13_0207__row61461021123115"><th align="left" class="cellrowborder" valign="top" width="15%" id="mcps1.3.7.2.1.3.1.1"><p id="iam_13_0207__p141461221183117">Status Code</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="85%" id="mcps1.3.7.2.1.3.1.2"><p id="iam_13_0207__p181469210316">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_13_0207__row414616219312"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_13_0207__p15146132111315">201</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_13_0207__p41460211313">The identity provider is created successfully.</p>
</td>
</tr>
<tr id="iam_13_0207__row514610214315"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_13_0207__p31461721143118">400</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_13_0207__p814612119314">The server failed to process the request.</p>
</td>
</tr>
<tr id="iam_13_0207__row1914692112319"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_13_0207__p18146152173112">401</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_13_0207__p1414612115318">Authentication failed.</p>
</td>
</tr>
<tr id="iam_13_0207__row15146102113118"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_13_0207__p171461221173117">403</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_13_0207__p6147112116312">Access denied.</p>
</td>
</tr>
<tr id="iam_13_0207__row1614715219314"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_13_0207__p121477217319">404</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_13_0207__p151472218318">The requested resource cannot be found.</p>
</td>
</tr>
<tr id="iam_13_0207__row1214715219310"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_13_0207__p2147182115314">409</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_13_0207__p2147321103117">The resource already exists.</p>
</td>
</tr>
<tr id="iam_13_0207__row11147621153110"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_13_0207__p11147192116312">500</p>
</td>
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_13_0207__p714792103115">Internal server error.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0057845605.html">Identity Provider</a></div>
</div>
</div>