Updated on 2022-08-16 GMT+08:00

Querying the Mapping List

Function

This API is used to query the mapping list.

URI

GET /v3/OS-FEDERATION/mappings

Request Parameters

  • Parameters in the request header

    Parameter

    Mandatory

    Type

    Description

    Content-Type

    Yes

    String

    Fill application/json;charset=utf8 in this field.

    X-Auth-Token

    Yes

    String

    Authenticated token.

  • Example request
    curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -H "X-Auth-Token:$token" -X GET https://sample.domain.com/v3/OS-FEDERATION/mappings

Response Parameters

  • Parameters in the response body

    Parameter

    Mandatory

    Type

    Description

    mappings

    Yes

    Array

    List of mappings.

    links

    Yes

    Object

    Mapping resource link.

  • mappings parameter description

    Parameter

    Mandatory

    Type

    Description

    id

    Yes

    String

    Mapping ID.

    rules

    Yes

    Object

    Rule used to map federated users to local users

    Example rule for SAML:

     "rules": [
                {
                    "local": [
                        {
                            "user": {
                                "name": "{0}"
                            }
                        },
                        {
                            "group": {
                                "name": "0cd5e9"
                            }
                        }
                    ],
                    "remote": [
                        {
                            "type": "UserName"
                        },
                        {
                            "type": "orgPersonType",
                            "not_any_of": [
                                "Contractor",
                                "Guest"
                            ]
                        }
    
                    ]
                }
            ]

    local: indicates the information about a federated user in the cloud system.

    • user: indicates the name of a federated user in the cloud system. {0} indicates the first attribute of the user information in remote.
    • group: indicates the user group to which a federated user belongs in the cloud system.

    remote: indicates the information about a federated user in the IdP. This expression is a combination of assertion attributes and operators. The value of remote is determined based on the assertion.

    • "type": "UserName" indicates an attribute in an IdP assertion.
    • "type": "orgPersonType" indicates an attribute in an IdP assertion.
    • not_any_of: The rule is not matched if any of the specified strings appear in the attribute type. The condition result is Boolean, not the argument that is passed as input.

    links

    Yes

    Object

    Mapping resource link.

  • Example response
    {
        "links": {
            "next": null,
            "previous": null,
            "self": "https://example.com/v3/OS-FEDERATION/mappings"
        },
        "mappings": [
            {
                "id": "ACME",
                "links": {
                    "self": "https://example.com/v3/OS-FEDERATION/mappings/ACME"
                },
                "rules": [
                    {
                        "local": [
                            {
                                "user": {
                                    "name": "{0}"
                                }
                            },
                            {
                                "group": {
                                    "id": "0cd5e9"
                                }
                            }
                        ],
                        "remote": [
                            {
                                "type": "UserName"
                            },
                            {
                                "type": "orgPersonType",
                                "any_one_of": [
                                    "Contractor",
                                    "SubContractor"
                                ]
                            }
                        ]
                    }
                ]
            }
        ]
    }

Status Codes

Status Code

Description

200

The request is successful.

400

The server failed to process the request.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

405

The method specified in the request is not allowed for the requested resource.

413

The request entity is too large.

500

Internal server error.

503

Service unavailable.