Help Center/ Identity and Access Management/ API Reference/ API/ Federated Identity Authentication Management/ Metadata/ Querying the Metadata File of Keystone
Updated on 2023-09-14 GMT+08:00
View PDF

Querying the Metadata File of Keystone

Function

This API is used to query the metadata file of Keystone.

The API can be called using both the global endpoint and region-specific endpoints.

URI

GET /v3-ext/auth/OS-FEDERATION/SSO/metadata

Request Parameters

Table 1 Parameters in the request header

Parameter

Mandatory

Type

Description

unsigned

No

Boolean

Indicates whether to sign metadata according to SAML 2.0. The default value of this parameter is false.

Response Parameters

None

Example Request

Request for querying the metadata file of Keystone

GET https://iam.myhuaweicloud.eu/v3-ext/auth/OS-FEDERATION/SSO/metadata

Example Response

Status code: 200

The request is successful.

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor ID="Mc106d5b14b70a4945fa270d8b52d0ed" entityID="https://iam.myhuaweicloud.eu" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#Mc106d5b14b70a4945fa270d8b52d0ed">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>GmS+Nvta/AvNy4fE7dFID5D+P1U=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ljRL...</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIC...</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <md:SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>MIIC...</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>MIIC...</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:NameIDFormat xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://iam.myhuaweicloud.eu/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST" index="0" isDefault="true" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://iam.myhuaweicloud.eu/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP" index="1" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>

Status Codes

Status Code

Description

200

The request is successful.

500

Internal server error.

503

Service unavailable.

Error Codes

None

Parent topic: Metadata