Registering a Mapping
Function
This API is provided for the administrator to register a mapping.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
Debugging
You can debug this API in API Explorer.
URI
PUT /v3/OS-FEDERATION/mappings/{id}
Parameter | Mandatory | Type | Description |
---|---|---|---|
id | Yes | String | Mapping ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
Content-Type | Yes | String | Set this field to application/json;charset=utf8. |
X-Auth-Token | Yes | String | Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
| Yes | Object | Mapping information. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
| Yes | Array of objects | Rule used to map federated users to local users. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
| Yes | Array of RulesLocal objects | Federated user information on the cloud platform. user indicates the name of a federated user on the cloud platform. group indicates the group which a federated user belongs to on the cloud platform. |
| Yes | Array of objects | Federated user information in the IdP system. If SAML is used, this field is an expression consisting of assertion attributes and operators, and the value of this field is determined by the assertion. If the OIDC protocol is used, the value of this field is determined by the ID token. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
| No | user object | Name of a federated user on the cloud platform. |
| No | group object | User group which a federated user belongs to on the cloud platform. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | Yes | String | Name of a federated user on the cloud platform. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
name | Yes | String | User group which a federated user belongs to on the cloud platform. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
type | Yes | String | IdP assertion (SAML) or ID token (OIDC). |
any_one_of | No | Array of strings | The rule is matched only if the specified strings appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. In a remote array, any_one_of and not_any_of are mutually exclusive and cannot be set at the same time. |
not_any_of | No | Array of strings | The rule is matched only if the specified strings do not appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. any_one_of and not_any_of are mutually exclusive and cannot be set at the same time. |
Response Parameters
Parameter | Type | Description |
---|---|---|
| Object | Mapping information. |

Parameter | Type | Description |
---|---|---|
id | String | Mapping ID. |
| Object | Mapping resource link information. |
| Array of objects | Rule used to map federated users to local users. |

Parameter | Type | Description |
---|---|---|
| Array of objects | Federated user information on the cloud platform. user indicates the name of a federated user, and group indicates the group which the federated user belongs to. |
| Array of objects | Federated user information in the IdP system. If SAML is used, this field is an expression consisting of assertion attributes and operators, and the value of this field is determined by the assertion. If OIDC protocol is used, the value of this field is determined by the ID token. |

Parameter | Type | Description |
---|---|---|
| user object | Name of a federated user on the cloud platform. |
| group object | User group which a federated user belongs to on the cloud platform. |

Parameter | Type | Description |
---|---|---|
name | String | Name of a federated user on the cloud platform. |

Parameter | Type | Description |
---|---|---|
name | String | User group which a federated user belongs to on the cloud platform. |

Parameter | Type | Description |
---|---|---|
type | String | IdP assertion (SAML) or ID token (OIDC) |
any_one_of | Array of strings | The rule is matched only if the specified strings appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. In a remote array, any_one_of and not_any_of are mutually exclusive and cannot be set at the same time. |
not_any_of | Array of strings | The rule is matched only if the specified strings do not appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. any_one_of and not_any_of are mutually exclusive and cannot be set at the same time. |
Example Request
Request for registering a mapping
PUT https://iam.myhuaweicloud.com/v3/OS-FEDERATION/mappings/{id}
{
  "mapping": {
    "rules": [
      {
        "local": [
          {
            "user": {
              "name": "LocalUser"
            }
          },
          {
            "group": {
              "name": "LocalGroup"
            }
          }
        ],
        "remote": [
          {
            "type": "UserName"
          },
          {
            "type": "orgPersonType",
            "not_any_of": [
              "Contractor",
              "Guest"
            ]
          }
        ]
      }
    ]
  }
}
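A mapping decides which federated identities receive which local user and group, so it is worth checking the body before sending the PUT. The Python below is an added example, not code from the API reference or from the IAM service: `validate_mapping` applies the constraints stated in the request parameter tables, and `rule_matches` is a local approximation of rule matching for dry-running sample IdP attributes. Both function names, the per-entry reading of the mutual-exclusion rule, and the treatment of an absent attribute as a non-match are assumptions.

```python
import json

# The request body from this page's Example Request.
EXAMPLE_BODY = json.loads("""
{"mapping": {"rules": [{
  "local": [{"user": {"name": "LocalUser"}}, {"group": {"name": "LocalGroup"}}],
  "remote": [{"type": "UserName"},
             {"type": "orgPersonType", "not_any_of": ["Contractor", "Guest"]}]}]}}
""")


def validate_mapping(body):
    """Return a list of problems in a mapping body; an empty list means none found."""
    rules = body.get("mapping", {}).get("rules")
    if not isinstance(rules, list) or not rules:  # empty treated as missing (assumption)
        return ["mapping.rules is mandatory"]
    problems = []
    for i, rule in enumerate(rules):
        for side in ("local", "remote"):
            if not isinstance(rule.get(side), list) or not rule[side]:
                problems.append(f"rules[{i}].{side} is mandatory")
        for j, loc in enumerate(rule.get("local") or []):
            for key in ("user", "group"):
                if key in loc and not loc[key].get("name"):
                    problems.append(f"rules[{i}].local[{j}].{key}.name is mandatory")
        for j, rem in enumerate(rule.get("remote") or []):
            if not rem.get("type"):
                problems.append(f"rules[{i}].remote[{j}].type is mandatory")
            # Mutual exclusion, read here as applying per remote entry (assumption).
            if "any_one_of" in rem and "not_any_of" in rem:
                problems.append(f"rules[{i}].remote[{j}]: any_one_of with not_any_of")
    return problems


def rule_matches(rule, attributes):
    """Local approximation of rule matching; attributes maps name -> list of values.

    Assumption: an attribute absent from the assertion or ID token is no match.
    """
    for rem in rule["remote"]:
        values = attributes.get(rem["type"])
        if values is None:
            return False
        if "any_one_of" in rem and not set(values) & set(rem["any_one_of"]):
            return False
        if "not_any_of" in rem and set(values) & set(rem["not_any_of"]):
            return False
    return True
```

Running `rule_matches` over a few constructed attribute sets (an employee, a contractor, a user with no orgPersonType) before registration shows whether the exclusion list behaves as intended.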
Example Response
Status code: 201
The mapping is registered successfully.
{
  "mapping": {
    "rules": [
      {
        "local": [
          {
            "user": {
              "name": "LocalUser"
            }
          },
          {
            "group": {
              "name": "LocalGroup"
            }
          }
        ],
        "remote": [
          {
            "type": "UserName"
          },
          {
            "type": "orgPersonType",
            "not_any_of": [
              "Contractor",
              "Guest"
            ]
          }
        ]
      }
    ],
    "id": "ACME",
    "links": {
      "self": "https://iam.myhuaweicloud.com/v3/OS-FEDERATION/mappings/ACME"
    }
  }
}
Status Codes
Status Code | Description |
---|---|
201 | The mapping is registered successfully. |
400 | Invalid parameters. |
401 | Authentication failed. |
403 | Access denied. |
404 | The requested resource cannot be found. |
405 | The method specified in the request is not allowed for the requested resource. |
409 | A resource conflict occurs. |
413 | The request entity is too large. |
500 | Internal server error. |
503 | Service unavailable. |
Error Codes
None