Updated on 2024-07-09 GMT+08:00

Basic Configuration

Procedure

  1. Sign in to Huawei Cloud as a partner. On the top navigation bar, select Support > Open APIs.
  2. Click the Configure icon in the flowchart to switch to the Configure page.

  3. Set the parameters based on Table 1. After the configuration is complete, click OK.

    Table 1 Parameter descriptions

    Parameter

    Description

    Basic Information

    IDP metadata file (enterprise identity provider metadata file)

    Indicates the IDP Metadata file in .xml format generated by the partner sales platform according to the SAML protocol standards.

    The file must be in the .xml format, and its size cannot exceed 2 MB.

    For details about how to generate the IDP metadata file, see Generating the IDP Metadata File.

    Notification URL

    Indicates the callback address provided by the partner sales platform for receiving the association result. Using an address in HTTPS is recommended. For details, see Association Result Notification API.

    Upload Photos of Handheld ID Cards Required for Real-Name Authentication

    If a partner's customers buy products from HUAWEI CLOUD Chinese mainland website and want to perform real-name authentication, customers need to upload pictures of the certificates for HUAWEI CLOUD to read to complete the real-name authentication. For details about how to upload the attachment for real-name authentication, see How Do I Upload the Attachment for Real-Name Authentication?

    File Subscription

    • After you subscribe to the partner bill (customer consumption details), you can rate your customers, and your sales platform will generate the customer bills based on this bill and then you can perform reconciliation with HUAWEI CLOUD.
    • You can subscribe to customer resource usage details and view resource usage details of all your customers or a specified customer on the partner sales platform. Customers can view their own resource usage details on the partner sales platform.

  4. Specify bucket information if you have enabled the real-name authentication or file subscription.

    Table 2 Bucket parameters

    Parameter

    Description

    AK

    Indicates the Access Key ID (AK) which is used when the partner sales platform accesses the OBS client or SDK. For details about how to obtain the AK, see Obtaining an AK/SK.

    SK

    Indicates the Secret Access Key (SK) which is used when the partner sales platform accesses the OBS client or SDK. For details about how to obtain the SK, see Obtaining an AK/SK.

    Bucket Name

    Indicates the name of the bucket created by the partner. Only OBS buckets purchased on Huawei Cloud in the Hong Kong region can be used.

Association Result Notification API

If the partner sales platform connects to HUAWEI CLOUD by switching to the HUAWEI CLOUD portal, the partner needs to provide a callback API for HUAWEI CLOUD sending the association result to the partner. An HTTPS URL is recommended.

The partner needs to comply with the following requirements when defining and developing this API.

  1. URL

    POST https://www.example.com/bind

  1. Request Parameters

    The request parameters are in Form Data format.

    Table 3 Parameter information

    Parameter

    Description

    Example

    bindRequest

    Indicates the message body of the association result (JSON format). The message is coded using BASE64.

    For details about the parameters in the JSON message body, see Table 4.

    EYJKB21HAW5OYW1LIJOIEW9UZ3POASISIMRVBWFPBKLKIJOIEW9UZ3POAWLKIIWIEFVZZXJJZCI6INLVBMD6AGL4IIWIYMLUZEFJDGLVBII6MX0%3D

    SigAlg

    Indicates the signature algorithm. SHA256 is used for signature by default.

    HTTP://WWW.W3.ORG/2001/04/XMLDSIG-MORE#RSA-SHA256

    HTTP%3A%2F%2FWWW.W3.ORG%2F2001%2F04%2FXMLDSIG-MORE%23RSA-SHA256

    Signature

    Indicates the signature. The signature is used to verify the initiator of a request.

    When HUAWEI CLOUD initiates a request, it uses the private key and the bindRequest value in the request to obtain the signature. When receiving the request, the receiver verifies the signature using the public key provided by HUAWEI CLOUD (the value in the <ds:X509Certificate></ds:X509Certificate> tag in the SP Metadata file).

    If the signature verification succeeds, the request is sent by HUAWEI CLOUD, and the follow-up operations can be performed. Otherwise, the request is invalid.

    SWCFTCP4NKMU%2BOBH1FCSXFY0DL31BGNH4EXUGTQY%2BSPLXC%2B94NXSS%2FRHPWYE9TXVNVSPTR6XRWBZLVHTBDRGLGC0OPTTCFYD4D3%2F6PMESNG5C4BPT

    Table 4 Parameters in the bindRequest JSON message

    Parameter

    Parameter Type

    Description

    xUserId

    String

    Indicates the user ID of the partner's customer on the partner sales platform.

    xAccountId

    String

    Indicates the ID of the customer account created on the partner sales platform. An account ID must be unique and is better to be consistent with the domainName.

    domainName

    String

    Indicates the HUAWEI CLOUD account of the partner's customer. This account will be used when the API is invoked.

    domainId

    String

    Indicates the HUAWEI CLOUD account ID of the partner's customer. This ID will be used when the API is invoked.

    userName

    String

    Indicates the HUAWEI CLOUD username of the partner's customer.

    userId

    String

    Indicates the HUAWEI CLOUD user ID of the partner's customer.

    exporetime

    String

    Indicates the time when a request expires. The value is in UTC format.

    Example: 2017-07-31T07:40:14.004Z

    bindAction

    String

    Indicates the association result.

    • 0: indicates that the association is successful.
    • 1: indicates that the association failed.

    Table 4 lists the account name, username, account ID, and user ID because HUAWEI CLOUD IAM has account and username concepts. For details about the two concepts, see "Account" and "IAM User" in Identity Management.

Follow-Up Procedure

If you find any parameters are incorrectly configured, you can modify the configuration.

  1. On the top navigation bar, select Support > Open APIs.
  2. Click the access configuration icon or View or Modify API Configuration under the icon.

    The access configuration page is displayed.

  3. Click Modify and modify the configuration as required.

    If the IDP Metadata file is incorrectly configured, click Download Metadata File to download the file to the local, modify and save it, click Modify, and then upload the file again.