Help Center/ Identity and Access Management/ API Reference/ API/ Federated Identity Authentication Management/ Mappings/ Registering a Mapping
Updated on 2024-07-30 GMT+08:00
View PDF
Share

Registering a Mapping

Function

This API is provided for the administrator to register a mapping.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

Debugging

You can debug this API in API Explorer.

URI

PUT /v3/OS-FEDERATION/mappings/{id}

Table 1 URI parameters

Parameter

Mandatory

Type

Description

id

Yes

String

Mapping ID.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

Content-Type

Yes

String

Fill application/json;charset=utf8 in this field.

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.
Table 3 Parameters in the request body

Parameter

Mandatory

Type

Description

mapping

Yes

Object

Mapping information.
Table 4 mapping

Parameter

Mandatory

Type

Description

rules

Yes

Array of objects

Rule used to map federated users to local users.
Table 5 mapping.rules

Parameter

Mandatory

Type

Description

local

Yes

Array of RulesLocal objects

Federated user information on the cloud platform. user indicates the name of a federated user on the cloud platform. group indicates the group which a federated user belongs to on the cloud platform.

remote

Yes

Array of objects

Federated user information in the IdP system. If SAML is used, this field is an expression consisting of assertion attributes and operators, and the value of this field is determined by the assertion. If OIDC protocol is used, the value of this field is determined by the ID token.
Table 6 mappings.rules.local

Parameter

Mandatory

Type

Description

user

No

user object

Name of a federated user on the cloud platform.

group

No

group object

User group which a federated user belongs to on the cloud platform.
Table 7 mappings.rules.local.user

Parameter

Mandatory

Type

Description

name

Yes

String

Name of a federated user on the cloud platform.
Table 8 mappings.rules.local.group

Parameter

Mandatory

Type

Description

name

Yes

String

User group which a federated user belongs to on the cloud platform.
Table 9 mapping.rules.remote

Parameter

Mandatory

Type

Description

type

Yes

String

IdP assertion (SAML) or ID token (OIDC)

any_one_of

No

Array of strings

The rule is matched only if the specified strings appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. In a remote array, any_one_of and not_any_of are mutually exclusive and cannot be set at the same time.

not_any_of

No

Array of strings

The rule is matched only if the specified strings do not appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. any_one_of and not_any_of are mutually exclusive and cannot be set at the same time.

Response Parameters

Table 10 Parameters in the response body

Parameter

Type

Description

mapping

Object

Mapping information.
Table 11 mapping

Parameter

Type

Description

id

String

Mapping ID.

links

Object

Mapping resource link information.

rules

Array of objects

Rule used to map federated users to local users.
Table 12 mapping.links

Parameter

Type

Description

self

String

Resource link.
Table 13 mappings.rules

Parameter

Type

Description

local

Array of objects

Federated user information on the cloud platform. user indicates the name of a federated user, and group indicates the group which the federated user belongs to.

remote

Array of objects

Federated user information in the IdP system. If SAML is used, this field is an expression consisting of assertion attributes and operators, and the value of this field is determined by the assertion. If OIDC protocol is used, the value of this field is determined by the ID token.
Table 14 mappings.rules.local

Parameter

Type

Description

user

user object

Name of a federated user on the cloud platform.

group

group object

User group which a federated user belongs to on the cloud platform.
Table 15 mappings.rules.local.user

Parameter

Type

Description

name

String

Name of a federated user on the cloud platform.
Table 16 mappings.rules.local.group

Parameter

Type

Description

name

String

User group which a federated user belongs to on the cloud platform.
Table 17 mapping.rules.remote

Parameter

Type

Description

type

String

IdP assertion (SAML) or ID token (OIDC)

any_one_of

Array of strings

The rule is matched only if the specified strings appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. In a remote array, any_one_of and not_any_of are mutually exclusive and cannot be set at the same time.

not_any_of

Array of strings

The rule is matched only if the specified strings do not appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. any_one_of and not_any_of are mutually exclusive and cannot be set at the same time.

Example Request

Request for registering a mapping

PUT https://iam.myhuaweicloud.com/v3/OS-FEDERATION/mappings/{id}
{
    "mapping": {
        "rules": [
            {
                "local": [
                    {
                        "user": {
                            "name": "LocalUser"
                        }
                    },
                    {
                        "group": {
                            "name": "LocalGroup"
                        }
                    }
                ],
                "remote": [
                    {
                        "type": "UserName"
                    },
                    {
                        "type": "orgPersonType",
                        "not_any_of": [
                            "Contractor",
                            "Guest"
                        ]
                    }
                ]
            }
        ]
    }
}

Example Response

Status code: 201

The mapping is registered successfully.

{
    "mapping": {
        "rules": [
            {
                "local": [
                    {
                        "user": {
                            "name": "LocalUser"
                        }
                    },
                    {
                        "group": {
                            "name": "LocalGroup"
                        }
                    }
                ],
                "remote": [
                    {
                        "type": "UserName"
                    },
                    {
                        "type": "orgPersonType",
                        "not_any_of": [
                            "Contractor",
                            "Guest"
                        ]
                    }
                ]
            }
        ],
        "id": "ACME",
        "links": {
            "self": "https://iam.myhuaweicloud.com/v3/OS-FEDERATION/mappings/ACME"
        }
    }
}

Status Codes

Status Code

Description

201

The mapping is registered successfully.

400

Invalid parameters.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

405

The method specified in the request is not allowed for the requested resource.

409

A resource conflict occurs.

413

The request entity is too large.

500

Internal server error.

503

Service unavailable.

Error Codes

None

Parent topic: Mappings