Updated on 2025-08-21 GMT+08:00

Creating External Identity Provider Configurations

Function

This API is used to create configurations for an external identity provider. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.

URI

POST /v1/identity-stores/{identity_store_id}/external-idp

Table 1 Path parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| identity_store_id | Yes | String | Globally unique ID of an identity source. |

Request Parameters

Table 2 Parameters in the request header

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| X-Security-Token | No | String | Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required. |

Table 3 Parameters in the request body

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| idp_saml_metadata | No | String | SAML metadata of an identity provider. Either the SAML settings or the SAML metadata of an identity provider must be configured. |
| idp_certificate | No | String | Identity provider certificate, which is used together with the identity provider's SAML settings. |
| idp_saml_config | No | idp_saml_config object | SAML settings of an identity provider. Either the SAML settings or the SAML metadata of an identity provider must be configured. |

Table 4 idp_saml_config

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| entity_id | No | String | Issuer ID of an identity provider. |
| login_url | No | String | Login link of an identity provider. |

Response Parameters

Status code: 201

Table 5 Parameters in the response body

| Parameter | Type | Description |
| --- | --- | --- |
| hws_sp_saml_config | SPSAMLConfig object | Service provider configuration. |
| idp_certificate_id | String | Globally unique ID of an identity provider certificate. |
| idp_certificate_ids | Array of strings | List of globally unique IDs of identity provider certificates. |
| idp_id | String | Globally unique ID of an external identity provider. |

Table 6 SPSAMLConfig

| Parameter | Type | Description |
| --- | --- | --- |
| acs_url | String | Response address of a service provider's assertion. |
| issuer | String | Service provider issuer. |
| metadata | String | Service provider metadata. |

Status code: 400

Table 7 Parameters in the response body

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code. |
| error_msg | String | Error message. |
| request_id | String | Unique ID of a request. |

Status code: 403

Table 8 Parameters in the response body

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code. |
| error_msg | String | Error message. |
| request_id | String | Unique ID of a request. |
| encoded_authorization_message | String | Encrypted error message. |

Example Request

Creating configurations for an external identity provider

POST https://{hostname}/v1/identity-stores/{identity_store_id}/external-idp

{
  "idp_saml_metadata" : "<?xml version=\"1.0\" encoding=\"utf-8\"?><EntityDescriptor ID=\"_678cd4a8-4915-4e2d-a4ce-6*************cd/saml2\" /></IDPSSODescriptor></EntityDescriptor>"
}
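
A pre-flight check for this request body, as an added example that is not part of the original reference or the service's own code: it applies the either/or rule from Table 3 and inspects the IdP metadata locally before anything is submitted. The function names, the constructed sample metadata, and the https and certificate requirements are assumptions of this example (local policy), not rules stated by the API.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample metadata: idp.example.test and the certificate text are placeholders.
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/saml2">'
    '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>'
    '<X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
    '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"'
    ' Location="https://idp.example.test/saml2/sso"/></IDPSSODescriptor></EntityDescriptor>')

def require_https(url, what):
    parts = urlparse(url or "")
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{what} must be an absolute https URL, got {url!r}")

def check_metadata(xml_text):
    """Return (entity_id, login_urls) for IdP metadata, or raise ValueError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not declare a DTD or entities")
    root = ET.fromstring(xml_text)  # raises ET.ParseError on malformed XML
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None or not root.get("entityID"):
        raise ValueError("expected EntityDescriptor with entityID and IDPSSODescriptor")
    urls = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    if not urls:
        raise ValueError("no SingleSignOnService endpoint listed")
    for url in urls:
        require_https(url, "SingleSignOnService Location")
    certs = idp.findall("md:KeyDescriptor//ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        raise ValueError("no X509Certificate in the IdP KeyDescriptor")
    return root.get("entityID"), urls

def build_body(idp_saml_metadata=None, idp_saml_config=None, idp_certificate=None):
    """Return the POST .../external-idp body; metadata is used if both forms are passed."""
    if idp_saml_metadata:
        check_metadata(idp_saml_metadata)
        return {"idp_saml_metadata": idp_saml_metadata}
    if not idp_saml_config or not idp_saml_config.get("entity_id"):
        raise ValueError("set idp_saml_metadata, or idp_saml_config with entity_id")
    require_https(idp_saml_config.get("login_url"), "idp_saml_config.login_url")
    if not idp_certificate:  # local policy: settings always travel with a certificate
        raise ValueError("idp_certificate must accompany idp_saml_config")
    return {"idp_saml_config": idp_saml_config, "idp_certificate": idp_certificate}
```

Serialize the returned dictionary with `json.dumps` to get the request body shown above.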

Example Response

Status code: 201

Successful

{
  "hws_sp_saml_config" : {
    "acs_url" : "https://cn-north-4-signin.huaweicloud.com/v1/platform/saml/acs/xxxxxxx",
    "issuer" : "https://cn-north-4.signin.huaweicloud.com/platform/saml/xxxxxx",
    "metadata" : "<?xml version=\"1.0\" encoding=\"UTF-8\"?>xxxxxxx</md:EntityDescriptor>"
  },
  "idp_certificate_id" : "553523a6-ebde-4570-xxxxxxx",
  "idp_certificate_ids" : [ "553523a6-ebde-4570-xxxxxxx" ],
  "idp_id" : "a48e3f1b-59f8-4b8f-xxxxxxx"
}

Status Codes

| Status Code | Description |
| --- | --- |
| 201 | Successful. |
| 400 | Bad request. |
| 403 | Forbidden. |

Error Codes

For details, see Error Codes.