Creating an Identity Provider

Function

This API is provided for the administrator to create an identity provider. After creating an identity provider, register a protocol and modify the identity provider configuration.

The API can be called using both the global endpoint and region-specific endpoints.

Authorization Information

Each account is authorized to call all APIs, but its IAM users must obtain the required permissions. For details, see Permissions and Supported Actions.

URI

PUT /v3/OS-FEDERATION/identity_providers/{id}

**Table 1** URI parameters
Parameter	Mandatory	Type	Description
id	Yes	String	Identity provider name.

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
Content-Type	Yes	String	Fill application/json;charset=utf8 in this field.
X-Auth-Token	Yes	String	Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions.

**Table 3** Parameters in the request body
Parameter	Mandatory	Type	Description
identity_provider	Yes	Object	Identity provider information.

**Table 4** identity_provider
Parameter	Mandatory	Type	Description
sso_type	No	String	Definition Identity provider type. Constraints Each account can have only one type of identity provider. If you select iam_user_sso, you can create only one such identity provider. If you select iam_user_sso, ensure that you have created an IAM user on the cloud service platform. Range virtual_user_sso: The federated user is mapped to a virtual user after the login is redirected. iam_user_sso: The federated user is mapped to an IAM user after the login is redirected. Default Value virtual_user_sso
description	No	String	Description of the identity provider.
enabled	No	Boolean	Enabling status of the identity provider. true indicates that the identity provider is enabled. false indicates that the identity provider is disabled. The default value is false.

Response Parameters

**Table 5** Parameters in the response body
Parameter	Type	Description
identity_provider	Object	Identity provider information.

**Table 6** identity_provider
Parameter	Type	Description
sso_type	String	Definition Identity provider type. Constraints Each account can have only one type of identity provider. If you select iam_user_sso, you can create only one such identity provider. If you select iam_user_sso, ensure that you have created an IAM user on the cloud service platform. Range virtual_user_sso: The federated user is mapped to a virtual user after the login is redirected. iam_user_sso: The federated user is mapped to an IAM user after the login is redirected. Default Value virtual_user_sso
id	String	Identity provider ID.
description	String	Description of the identity provider.
enabled	Boolean	Enabling status of the identity provider. true indicates that the identity provider is enabled. false indicates that the identity provider is disabled. The default value is false.
remote_ids	Array of strings	List of federated user IDs configured for the identity provider.
links	Object	Identity provider resource link.

**Table 7** identity_provider.links
Parameter	Type	Description
self	String	Identity provider resource link.
protocols	String	Protocol resource link.

Example Request

Request for creating an identity provider and enable it

PUT https://iam.myhuaweicloud.eu/v3/OS-FEDERATION/identity_providers/{id}

{
    "identity_provider": {
        "sso_type": "iam_user_sso",
        "description": "Stores ACME identities.",
        "enabled": true
    }
}

Example Response

Status code: 201

The request is successful.

{
    "identity_provider": {
        "remote_ids": [],
        "enabled": true,
        "id": "ACME",
        "sso_type": "iam_user_sso",
        "links": {
            "self": "https://iam.myhuaweicloud.eu/v3/OS-FEDERATION/identity_providers/ACME",
            "protocols": "https://iam.myhuaweicloud.eu/v3/OS-FEDERATION/identity_providers/ACME/protocols"
        },
        "description": "Stores ACME identities."
    }
}

Status Codes

Status Code	Description
201	The request is successful.
400	Invalid parameters.
401	Authentication failed.
403	Access denied.
404	The requested resource cannot be found.
405	The method specified in the request is not allowed for the requested resource.
409	A resource conflict occurs.
413	The request entity is too large.
500	The request entity is too large.
503	Service unavailable.

Error Codes

None

Parent topic: Identity Providers

Previous topic: Querying Identity Provider Details

Next topic: Modifying a SAML Identity Provider

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.