Web UI Mode
After logging in to the partner sales platform, a customer can directly switch to HUAWEI CLOUD to purchase cloud services and manage cloud service resources. The partner sales platform must complete SAML authentication to establish a trust relationship with HUAWEI CLOUD.
Prerequisites
The partner has performed steps in Access Configuration.
SAML Authentication
Figure 1 shows the SAML authentication process.
- A partner's customer uses a browser to call the HUAWEI CLOUD login link. IAM sends the SAML request.
  - The customer uses a browser to call the HUAWEI CLOUD login link.

    https://auth-intl.huaweicloud.com/authui/saml/login?xAccountType=ZXT&isFirstLogin=false&service=https%3a%2f%2fconsole-intl.huaweicloud.com%2fiam%2f

| Parameter | Mandatory | Description | Example |
| --- | --- | --- | --- |
| xAccountType | Yes | Indicates the identifier of the partner sales platform, which is globally unique. The value is provided by Huawei. After the partner configures the access parameters on the Partner Center page, the partner ID is generated. For details about how to obtain the platform ID, see How Do I Obtain the xaccountType Value? | ZXT |
| isFirstLogin | No | If no HUAWEI CLOUD account is bound, this parameter is mandatory and must be set to true. Otherwise, the value can be left empty or set to false. After the account creation API is successfully called to create a customer account, HUAWEI CLOUD CBC has bound the customer account on the partner sales platform with the customer HUAWEI CLOUD account. | false |
| service | Yes | Indicates the redirection address after login. The encodeURIComponent function is used for encoding. | https%3a%2f%2fconsole-intl.huaweicloud.com%2fiam%2f |
  - IAM receives the login request of the partner's customer, locates the SingleSignOnService configuration item in the IDP Metadata.xml file based on the xAccountType value, and sends the samlRequest request to the required path.

| Parameter | Description |
| --- | --- |
| SAMLRequest | Indicates the response message body. The response message is in XML format. IAM then compresses the message, encodes the message using Base64, and URL encodes the message. If the partner uses the SAML toolkits, this parameter can be directly used and the partner does not need to parse the XML file. If the partner needs to parse the XML file, the partner needs to URL decode the message, decode the message using Base64, and decompress the message (zip.inflate). For details, see Sample Code for Parsing the SAMLRequest. |
| RelayState | Indicates the response parameters for SAML. |
| SigAlg | Indicates the signature algorithm. Huawei uses SHA256 for signatures by default. http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 |
| Signature | Indicates the signature. The signature is used to verify the initiator of a request. When initiating a request, HUAWEI CLOUD uses the private key to sign SAMLRequest={SAMLRequest}&RelayState={RelayState}&SigAlg={SigAlg} in request https://www.test.com/saml/login?SAMLRequest={SAMLRequest}&RelayState={RelayState}&SigAlg={SigAlg}&Signature={Signature} and then performs Base64 encoding to obtain the signature value. The signature algorithm is specified by the SigAlg field. When receiving the request, the receiver verifies the signature value using the public key provided by HUAWEI CLOUD (the value in the <ds:X509Certificate></ds:X509Certificate> tag in the SP Metadata.xml file). If the signature verification succeeds, the request is sent by HUAWEI CLOUD, and the follow-up operations can be performed. Otherwise, the request is invalid. |
- The partner sales platform generates the SAML response message and sends it to HUAWEI CLOUD IAM.
  - The partner sales platform obtains the HUAWEI CLOUD public key and the response message path of samlResponse from the SP Metadata.xml file. For details, see Example, Public Key, and Response Path in Obtaining the SP Metadata File.
  - The partner sales platform generates the SAML response message. The response message body is in XML format. The correct response message body, with its parameters described in comments, is shown below.
    The following content is for reference only. The description in the comments must be modified. The time and ID defined by SAML vary depending on the message. Therefore, you are advised not to modify the response message content directly; use the SAML toolkits to generate the response message instead.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Parameter InResponseTo needs to be the same as the ID configuration item of AuthnRequest in the SAML request message. -->
<!-- Parameter Destination needs to be the same as the Location value in the AssertionConsumerService tag in the SP Metadata.xml file. -->
<saml2p:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
    ID="_d794dc393ae6724e236003bf0b917cf0"
    Destination="https://auth.huaweicloud.com/authui/saml/SAMLAssertionConsumer"
    InResponseTo="_dck4mm08qmdhc8k4nuir07hghetdqqg8umg5"
    IssueInstant="2018-10-30T08:21:41.740Z"
    Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <!-- Must be the same as the entityID value in the IDP Metadata.xml file. -->
  <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.test.com</saml2:Issuer>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    <saml2p:StatusMessage>urn:oasis:names:tc:SAML:2.0:status:Success</saml2p:StatusMessage>
  </saml2p:Status>
  <saml2:Assertion ID="_2320c40ac7b5e857b2d0d4ea0c8758c3" IssueInstant="2018-10-30T08:21:41.740Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <!-- Must be the same as the entityID value in the IDP Metadata.xml file. -->
    <saml2:Issuer>https://www.test.com</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <!-- The value after "URI #" must be the same as the ID in the Assertion tag. -->
        <ds:Reference URI="#_2320c40ac7b5e857b2d0d4ea0c8758c3">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transform>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <!-- The value of DigestValue is the digest of the Assertion tag object. The digest algorithm is the same as that of DigestMethod. -->
          <ds:DigestValue>rFxrycznfGNYOnprZIFJJou4ro0Mz65+43MIR5F0+H4=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <!-- Partner signature value. For details about how to obtain the value, see the following description. -->
      <ds:SignatureValue>
YqTWQngAPfGqQmWa610PM7LeefqWdKuveUVINrqL67NoHJIDa2WxLwdVzoJIlJh64QiNPr6+ndmL
DCMgIC5F/9ijuzhIICZcc6lHNIjy6EsPkKRjfo9oeoVAqLgG/kmVQYeHLBID0y11RNXXpAVY4nhJ
26KiIVGt7ywyKAmhichE+eW/UYAGiOI5vkfgD2gZUGV+yPkv64k7xK4yAH3mL2NaCPuw/90e4enm
iUx0YuazDwM5FiRUSMpcJs0rcNmS6clWAUcCzbOx+y2vJGtTjHb7k3UsmpnTop5eYNp94+sDPEat
8FaV4SgafMEL5z54gpe8+//9yOWEvlBs1b0RYg==
      </ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data>
          <!-- Partner public key certificate. The certificate must be the one specified in the IDP Metadata.xml file. -->
          <ds:X509Certificate>
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhK3L160NjP9EhBGQOC2s4r+Wc62bkRkc
nUxfhiZwCwJdQCykzuLOAoATnfoEamV5W25xtSS5kFs+4OC0mYVpKcI3SWoydX+UE5Qik5UfJ8Dt
G1AvSEKhSluyO9axrV5Uv089jMxBnlm/R+xND73WcZM11yIbKJEZSTCEDfh+KnFbMw108umFMden
RZCrNWUJoSp/90XeG0V2Nmj7Fkq72skSifwIASLRq9KqLbmh1QwUX+AoWpHK/jRUBustMBmG1n1i
AqpD4EBjjBOB27k1wXZ30+IoJt8IZmfSZRFoNn5VFWXNeEmZ1aQvGSvd3Tyyw2/Wr+w/8Mags69C
mpeX6QIDAQAB
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>
    <saml2:Subject>
      <!-- The value of NameQualifier must be the same as the entityID value in the SP Metadata.xml file. -->
      <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://auth.huaweicloud.com/">Some NameID value</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <!-- Parameter InResponseTo needs to be the same as the ID configuration item of AuthnRequest in the samlRequest message. -->
        <saml2:SubjectConfirmationData InResponseTo="_dck4mm08qmdhc8k4nuir07hghetdqqg8umg5" NotBefore="2018-10-28T08:21:41.740Z" NotOnOrAfter="2018-11-01T08:21:41.740Z" Recipient="https://auth.huaweicloud.com/authui/saml/SAMLAssertionConsumer" />
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2018-10-28T08:21:41.740Z" NotOnOrAfter="2018-11-01T08:21:41.740Z">
      <saml2:AudienceRestriction>
        <!-- Must be the same as the entityID value in the SP Metadata.xml file. -->
        <saml2:Audience>https://auth.huaweicloud.com/</saml2:Audience>
      </saml2:AudienceRestriction>
    </saml2:Conditions>
    <saml2:AttributeStatement>
      <!-- For values between <saml2:AttributeValue> and </saml2:AttributeValue>, see the following table. -->
      <saml2:Attribute FriendlyName="xUserId" Name="xUserId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">*******</saml2:AttributeValue>
      </saml2:Attribute>
      <!-- The values of xAccountId and xUserId must be the same. -->
      <saml2:Attribute FriendlyName="xAccountId" Name="xAccountId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">********</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute FriendlyName="bpId" Name="bpId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">******</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute FriendlyName="email" Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string" />
      </saml2:Attribute>
      <saml2:Attribute FriendlyName="name" Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">******</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute FriendlyName="mobile" Name="mobile" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">*****</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
    <saml2:AuthnStatement AuthnInstant="2018-10-30T08:21:41.741Z">
      <!-- Must be the same as the entityID value in the SP Metadata.xml file. -->
      <saml2:SubjectLocality Address="https://auth.huaweicloud.com/" />
      <saml2:AuthnContext>
        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
      </saml2:AuthnContext>
    </saml2:AuthnStatement>
  </saml2:Assertion>
</saml2p:Response>
```
The partner signature value is in standard XML format, and the signature type is enveloped-signature. You are advised to use a SAML library provided by a third party to generate the signature.
The signature procedure is as follows.
1. Obtain the signature object (Assertion).

```xml
<saml2:Assertion ID="_2320c40ac7b5e857b2d0d4ea0c8758c3" IssueInstant="2018-10-30T08:21:41.740Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  ......
</saml2:Assertion>
```

2. Obtain the tag object (Signature).

```xml
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
    <ds:Reference URI="#_2320c40ac7b5e857b2d0d4ea0c8758c3">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
          <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd" />
        </ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
      <ds:DigestValue>......</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <!-- Third-party signature value -->
  <ds:SignatureValue> ...... </ds:SignatureValue>
  <ds:KeyInfo>
    <ds:X509Data>
      <!-- Third-party public key certificate -->
      <ds:X509Certificate> ...... </ds:X509Certificate>
    </ds:X509Data>
  </ds:KeyInfo>
</ds:Signature>
```

3. Generate the DigestValue value for the signature object Assertion.
   1) Convert Assertion according to the algorithms defined in the Transform elements of Signature.
   2) Generate a digest for the object obtained in 1) according to the algorithm specified in DigestMethod.
   3) Place the generated digest value in the DigestValue tag.
4. Use the private key in Step 6 in Generating a Certificate to generate the SignatureValue value for the SignedInfo object.
   1) Convert SignedInfo according to the algorithm defined in CanonicalizationMethod.
   2) Generate the signature value for the object obtained in 1) according to the signature algorithm defined in SignatureMethod. Place the obtained signature value in SignatureValue.
5. Combine the values of DigestValue and SignatureValue to form the final Signature object. Place the Signature object in Assertion as its sub-element.

The signed Assertion is as follows.

```xml
<saml2:Assertion ID="_2320c40ac7b5e857b2d0d4ea0c8758c3" IssueInstant="2018-10-30T08:21:41.740Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  ......
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    ......
    <!-- Third-party signature value -->
    <ds:SignatureValue> ...... </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <!-- Third-party public key certificate -->
        <ds:X509Certificate> ...... </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
</saml2:Assertion>
```
Table 1 Description of parameters between <saml2:AttributeValue> and </saml2:AttributeValue>

| Parameter | Description |
| --- | --- |
| xUserId | Indicates the user ID of the partner's customer on the partner sales platform. This parameter value equals the value of xAccountId. |
| xAccountId | Indicates the account ID of the partner's customer on the partner sales platform. |
| bpId | Indicates the partner ID. For details about how to obtain the partner ID, see How Do I Check the Partner ID? |
| email | Indicates the email address. This parameter is optional. The parameter must meet the following requirements: it must be unique for each customer; it contains a maximum of 64 characters; it passes the verification using the regular expression given below this table. |
| name | Indicates the account name transferred on the partner sales platform. This parameter is optional. The account name must be the same as the value of domain_name in the request for API in Creating a Customer. |

Regular expression for the email parameter:
^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$

Table 1 involves the account ID and user ID because HUAWEI CLOUD IAM has the account and user concepts. For details about the two concepts, see "Account" and "IAM User" in Basic Concepts.
  - If the customer has logged in to the partner sales platform, the SAML response message is returned directly. Otherwise, the SAML response message is displayed after the login.
    Send a POST request to the HUAWEI CLOUD response path AssertionConsumerService in 2.a. The parameters must be in the Form Data format.

| Parameter | Description |
| --- | --- |
| SAMLResponse | Identifies the string obtained by encoding the SAML response message body in 2.b using Base64. |
| RelayState | The value of this parameter is the same as that in the SAML request message. |
- IAM parses the SAMLResponse. When the customer account creation API is called to create an account, HUAWEI CLOUD CBC binds the customer account on the partner sales platform with the HUAWEI CLOUD account. Therefore, the customer can be redirected to the service page and purchase and manage the cloud services.
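The request-side check described above for the SAMLRequest, RelayState, SigAlg and Signature parameters, as an added Node.js example (not HUAWEI CLOUD's sample code): it verifies the signature over the raw query values, pins SigAlg to RSA-SHA256, and only then URL-decodes, Base64-decodes and inflates the request to read the AuthnRequest ID that InResponseTo must repeat. The function names, the throwaway key pair, the sample AuthnRequest and the 64 KiB size cap are assumptions made for the demo; in production the key is the certificate from the SP Metadata.xml file.

```javascript
const crypto = require('node:crypto');
const zlib = require('node:zlib');

const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
const MAX_XML_BYTES = 64 * 1024; // assumed cap on the inflated request size

// Return one query parameter exactly as received (still URL-encoded).
// The signature covers these raw characters, so decoding and re-encoding
// (which can turn %3a into %3A, for example) would break verification.
function rawParam(query, name) {
  for (const pair of query.split('&')) {
    const eq = pair.indexOf('=');
    if (eq !== -1 && pair.slice(0, eq) === name) return pair.slice(eq + 1);
  }
  return null;
}

// query: the part of the redirect URL after '?'.
// publicKeyPem: the signer's public key or X.509 certificate in PEM form.
function verifyAndDecode(query, publicKeyPem) {
  const samlRequest = rawParam(query, 'SAMLRequest');
  const relayState = rawParam(query, 'RelayState');
  const sigAlg = rawParam(query, 'SigAlg');
  const signature = rawParam(query, 'Signature');
  if (!samlRequest || !sigAlg || !signature) throw new Error('missing SAML parameter');

  // Pin the algorithm instead of accepting whatever the request names.
  if (decodeURIComponent(sigAlg) !== RSA_SHA256) throw new Error('unexpected SigAlg');

  // Rebuild the signed string in the fixed order SAMLRequest, RelayState, SigAlg.
  let signed = `SAMLRequest=${samlRequest}`;
  if (relayState !== null) signed += `&RelayState=${relayState}`;
  signed += `&SigAlg=${sigAlg}`;

  const sigBytes = Buffer.from(decodeURIComponent(signature), 'base64');
  if (!crypto.verify('sha256', Buffer.from(signed, 'utf8'), publicKeyPem, sigBytes)) {
    throw new Error('signature verification failed');
  }

  // Only after the signature checks out: URL-decode, Base64-decode, raw-inflate.
  // maxOutputLength makes an oversized (decompression-bomb) payload throw.
  const deflated = Buffer.from(decodeURIComponent(samlRequest), 'base64');
  const xml = zlib
    .inflateRawSync(deflated, { maxOutputLength: MAX_XML_BYTES })
    .toString('utf8');

  // The ID is needed for InResponseTo in the response. A regular expression keeps
  // the demo dependency-free; a SAML toolkit would parse the XML properly.
  const id = /<[\w:]*AuthnRequest\b[^>]*\bID="([^"]+)"/.exec(xml);
  return {
    xml,
    relayState: relayState === null ? null : decodeURIComponent(relayState),
    requestId: id ? id[1] : null,
  };
}

// ---- Constructed demo data: a throwaway key pair stands in for the real signer ----
function buildDemoQuery(privateKey, xml, relayState) {
  const enc = encodeURIComponent(zlib.deflateRawSync(Buffer.from(xml)).toString('base64'));
  const signed =
    `SAMLRequest=${enc}&RelayState=${encodeURIComponent(relayState)}` +
    `&SigAlg=${encodeURIComponent(RSA_SHA256)}`;
  const sig = crypto.sign('sha256', Buffer.from(signed), privateKey).toString('base64');
  return `${signed}&Signature=${encodeURIComponent(sig)}`;
}

const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoPublicPem = demoKeys.publicKey.export({ type: 'spki', format: 'pem' });
const demoXml =
  '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'ID="_demo123" Version="2.0"/>';
const demoQuery = buildDemoQuery(demoKeys.privateKey, demoXml, 'state-1');

console.log(verifyAndDecode(demoQuery, demoPublicPem).requestId);
```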