Updated on 2023-09-14 GMT+08:00

Creating an Identity Provider

Function

This API is provided for the administrator to create an identity provider. After creating an identity provider, register a protocol and modify the identity provider configuration.

The API can be called using both the global endpoint and region-specific endpoints.

URI

PUT /v3/OS-FEDERATION/identity_providers/{id}

Table 1 URI parameters

Parameter

Mandatory

Type

Description

id

Yes

String

Identity provider name.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

Content-Type

Yes

String

Fill application/json;charset=utf8 in this field.

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.

Table 3 Parameters in the request body

Parameter

Mandatory

Type

Description

identity_provider

Yes

Object

Identity provider information.

Table 4 identity_provider

Parameter

Mandatory

Type

Description

sso_type

No

string

Identity provider type. The following two types are supported:

  • virtual_user_sso: The federated user is mapped to a virtual user after the login is redirected.
  • iam_user_sso: The federated user is mapped to an IAM user after the login is redirected. If you select this type, ensure that you have created an IAM user on Huawei Cloud.

The default value is virtual_user_sso.

description

No

String

Description of the identity provider.

enabled

No

Boolean

Enabling status of the identity provider. true indicates that the identity provider is enabled. false indicates that the identity provider is disabled. The default value is false.

Response Parameters

Table 5 Parameters in the response body

Parameter

Type

Description

identity_provider

Object

Identity provider information.

Table 6 identity_provider

Parameter

Type

Description

sso_type

string

Identity provider type.

id

String

Identity provider ID.

description

String

Description of the identity provider.

enabled

Boolean

Enabling status of the identity provider. true indicates that the identity provider is enabled. false indicates that the identity provider is disabled. The default value is false.

remote_ids

Array of strings

List of federated user IDs configured for the identity provider.

links

Object

Identity provider resource link.

Example Request

Request for creating an identity provider and enable it

PUT https://iam.myhuaweicloud.eu/v3/OS-FEDERATION/identity_providers/{id}
{
    "identity_provider": {
        "description": "Stores ACME identities.",
        "enabled": true
    }
}

Example Response

Status code: 201

The request is successful.

{
    "identity_provider": {
        "remote_ids": [],
        "enabled": true,
        "id": "ACME",
        "sso_type": "iam_user_sso",
        "links": {
            "self": "https://iam.myhuaweicloud.eu/v3/OS-FEDERATION/identity_providers/ACME",
            "protocols": "https://iam.myhuaweicloud.eu/v3/OS-FEDERATION/identity_providers/ACME/protocols"
        },
        "description": "Stores ACME identities."
    }
}

Status Codes

Status Code

Description

201

The request is successful.

400

Invalid parameters.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

405

The method specified in the request is not allowed for the requested resource.

409

A resource conflict occurs.

413

The request entity is too large.

500

The request entity is too large.

503

Service unavailable.

Error Codes

None